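I am trying to set up one of my honeyd templates, but I keep getting an error message complaining that there is no interface that can reach the IP address I want to bind. Here is what is in my honeyd.conf file: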
route entry 30.0.0.1
route 30.0.0.1 link 30.0.0.0/24
create routerone
set routerone personality "Cisco 7206 running IOS 11.1(24)"
set routerone default tcp action reset
set routerone default icmp action open
add routerone tcp port 23 "/etc/honeypot/scripts/telnet/faketelnet.pl"
create winxp
set winxp personality "Linux Kernel 2.4.20"
#set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action reset
set winxp default udp action block
set winxp default icmp action open
add winxp tcp port 22 proxy 10.0.0.200:22
add winxp tcp port 23 "/etc/honeypot/scripts/telnet/faketelnet.pl"
add winxp tcp port 24 "sh /etc/honeypot/scripts/hello.sh"
set winxp ethernet "00:11:22:33:44:55"
bind 30.0.0.100 winxp
bind 30.0.0.1 routerone
When I try to run the honeyd daemon, I get the following error message:
$ honeyd -d -i ens160:1 -f honeyd.conf 30.0.0.0/24
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[4093]: started with -d -i ens160:1 -f honeyd.conf 30.0.0.0/24
honeyd[4093]: listening promiscuously on ens160:1: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (net 30.0.0.0/24))) and not ether src 00:0c:29:40:e7:6a
honeyd[4093]: Demoting process privileges to uid 65534, gid 65534
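When I do not set the Ethernet address, it works fine and I can ping it. So there is obviously an interface that can reach 30.0.0.100. I have seen some configurations that set a fixed Ethernet address in combination with dhcp, but I need to bind to a static IP address.
Any ideas?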
Answer 1
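OK, I finally got it working, and it turns out I had misunderstood what the MAC address does. I thought it was for spoofing an arbitrary MAC address, but it actually seems to be used to specify which interface honeyd sends its output to. The problem I had was that honeyd was sending its responses out through a different interface from the one the requests came in on. So I configured honeyd to send the winxp template's responses to the interface I wanted.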
Here is the configuration that worked for me:
I am running honeyd on the br192 interface.
$ ifconfig br192
br192 Link encap:Ethernet HWaddr 00:0c:29:16:3c:80
inet addr:0.1.2.3 Bcast:255.255.255.255 Mask:0.0.0.0
inet6 addr: fe80::20c:29ff:fe16:3c80/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:103730 errors:0 dropped:0 overruns:0 frame:0
TX packets:771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21835405 (21.8 MB) TX bytes:72694 (72.6 KB)
My honeyd.conf file:
create winxp
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action reset
set winxp default udp action reset
set winxp default icmp action open
set winxp ethernet "00:0c:29:16:3c:80"
bind 10.0.0.200 winxp
Starting honeyd:
$ sudo honeyd -d -i br192 -f /etc/honeypot/honeyd.conf 10.0.0.200/31
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[5524]: started with -d -i br192 -f /etc/honeypot/honeyd.conf 10.0.0.200/31
honeyd[5524]: listening promiscuously on br192: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (net 10.0.0.200/31))) and not ether src 00:0c:29:16:3c:80
honeyd[5524]: Demoting process privileges to uid 65534, gid 65534
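An added example, not part of the original post or of honeyd itself: a small pre-flight check for the two conditions that hold in the working setup above, namely that each bound IP falls inside the network given on the command line (the `net` term of the logged capture filter) and that a template's `ethernet` value equals the MAC of the interface passed to `-i`. The function names and the sample config (the answer's config plus one constructed out-of-range `bind`) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the answer's honeyd.conf plus one extra out-of-range bind.
SAMPLE_CONF = '''\
create winxp
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action reset
set winxp ethernet "00:0c:29:16:3c:80"
bind 10.0.0.200 winxp
bind 30.0.0.100 winxp
'''

def parse_conf(text):
    """Return ({template: mac or None}, [(ip, template), ...])."""
    templates, binds = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if m := re.fullmatch(r"create\s+(\S+)", line):
            templates.setdefault(m.group(1), None)
        elif m := re.fullmatch(r'set\s+(\S+)\s+ethernet\s+"([^"]+)"', line):
            templates[m.group(1)] = m.group(2).lower()
        elif m := re.fullmatch(r"bind\s+(\S+)\s+(\S+)", line):
            binds.append((ipaddress.ip_address(m.group(1)), m.group(2)))
    return templates, binds

def check(text, iface_mac, network):
    """List findings for a config, given the -i interface MAC and the network argument."""
    net = ipaddress.ip_network(network, strict=False)
    templates, binds = parse_conf(text)
    findings = []
    for ip, name in binds:
        if name not in templates:
            findings.append(f"{ip}: template {name!r} is never created")
            continue
        if ip not in net:
            findings.append(f"{ip}: outside {net}, not matched by the capture filter")
        mac = templates[name]
        if mac and mac != iface_mac.lower():
            findings.append(f"{ip}: ethernet {mac} differs from interface MAC {iface_mac}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, "00:0c:29:16:3c:80", "10.0.0.200/31"):
        print(finding)
```
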