Hi Naeem,
Ive been hosting a similar project since july but with Linux as the Host OS,
Using XP as the Host OS might not be the wisest decision, However i'l try
give you a few pointers:
The updated Pak Honeynet design is kool & should work fine, but just to get
my head straight lets redraw:
The conceptual ASCII Architecture :-) (I love the diagrams - need to learn
visio)
[Router]-------[HostOS:eth0 ]
| |
| V
[ | (VMware Bridged int: eth0)
Guest-- [ | | ----[Honeywall-roo]
[ | (VMware Host-Only int: eth1)
| |
V V
[vmnet-host-only-switch]
|
V
Guest--[ [honeypot: Host-Only:eth0] (can be ubuntu/windows server etc)
1. Make sure the Honeypots are assigned a routable Public IP. i.e. ppl from
outside your subnet can see the honeypots and vice versa.
2. Make sure you can see packets arriving on both the honeywall int (eth0 &
eth1) use tcpdump.
3. Make sure you configure the management interface in a way that it can be
accessible by any IP (just for testing)
4. Bringing the univ lan down is definately not the honeywall, IMHO it can
be you trying to spoof your mac or something troubling the security policy
denying unregistered mac frames or causing frames loop around and chowking
the switch
5. The possible floodings can be arp broadcasts, you can confirm this from
tcpdump on the honeywall.
6. I wont worry too much about the host-only adapter IP
7. I used VMware Server for my implementation.
Hope that helps.
Thanks, Fahim
On Fri, Dec 5, 2008 at 6:00 AM, <[EMAIL PROTECTED]>wrote:
> Message: 1
> Date: Thu, 4 Dec 2008 06:52:35 -0800 (PST)
> From: Naeem Firdous Syed <[EMAIL PROTECTED]>
> Subject: [Honeywall] Installing Virtual Honeynet
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="windows-1252"
>
> Hi,
> I am trying to install Honeynet and Honeypots using VMware
> Workstation in my university campus as I need to collect data and write a
> report on the type of malicious activities in the network. I tried to
> install the virtual Honeynet by following the procedure given by the Pak
> Honeynet project but without any success. I tried various other
> configurations but no success till now and i am running short of time.
> The problems that i am facing are:
> i am not able to access the management interface from the host machine,
> once or twice i was able to access the mamagenet interface from the honeypot
> but i did see any activity on it.
> Honeynet is taking lot of time to load and during that time its flooding
> the network and the network connectivity is getting down in the Univ LAN.
> My configuration is as described below:
> Host machine OS : windows XP proffesional
> Installed VMware which created three virtual adapters VMnet0, VMnet1 and
> VMnet8.
> VMnet0 – bridged to host computers eth0.
> VMnet1- Host only adaptor – IP 192.168.40.1
> VMnet8 – NAT adaptor IP-192.168.235.1
> My host machine IP – eth0 – 10.40.3.35
> My host machine default gateway 10.40.3.254
> I need to install the honeywall and the Honeynet (windows server 2003 and
> Ubuntu 8.10) using VMware.
> Please guide me with the installation procedure so that I can start
> collecting data.
>
> Thanks,
>
>
>
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
