Hi again!

OK, so I'm trying to make honeyd 0.6a work on one of my OpenBSD 3.3
boxes. I'm almost there, but I can't get over one stupid problem. It's
quite possible I've just messed up something with the configuration.
I was able to compile honeyd without a problem, and it is up and
running. I've created an IP alias for it (ifconfig rl1 inet alias
10.1.1.222 255.255.255.255) in the hope I would not have to use arpd,
pf's rdr or anything similar. And, as the log shows, I can connect to
it:

honeyd[5493]: Connection request: tcp (10.1.1.100:3413 - 10.1.1.222:80)
honeyd[5493]: Connection established: tcp (10.1.1.100:3413 - 10.1.1.222:80) <-> sh

The log entry above comes when I telnet to 10.1.1.222 from my laptop.
Honeyd should now run scripts/web.sh, and this is where things go wrong:
I just get a TCP reset. =( Here's what tcpdump shows:

20:31:18.808187 10.1.1.222.80 > 10.1.1.100.3434: S \
717083627:717083627(0) ack 3753723135 win 8215 <mss \
1000,nop,wscale 0,nop,nop,timestamp 6568920 0> (DF)
20:31:18.808546 10.1.1.100.3434 > 10.1.1.222.80: . \
ack 1 win 65000 <nop,nop,timestamp 375208 6568920>
20:31:18.808761 10.1.1.222.80 > 10.1.1.100.3434: R \
717083628:717083628(0) win 0 (DF)
20:31:18.834724 10.1.1.222.80 > 10.1.1.100.3434: . \
1:14(13) ack 1 win 8215
20:31:19.835600 10.1.1.222.80 > 10.1.1.100.3434: . \
1:14(13) ack 1 win 8215
20:31:21.845579 10.1.1.222.80 > 10.1.1.100.3434: . \
1:14(13) ack 1 win 8215

If I run scripts/web.sh from the console, it works just as expected.
This is what I have in my config file:

create windows
set windows personality "Windows NT 4.0 Server SP5-SP6"
set windows default tcp action reset
set windows default udp action reset
add windows tcp port 80 "sh scripts/web.sh"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows uptime 3284460
bind 10.1.1.222 windows

Any ideas what could be wrong?

Thanks in advance, again. =)

- Jyri
Received on Sun Sep 28 2003 - 19:57:22 PDT