[Honeywall] RE: SEBEK SERVER & TRIPWIRE Configuration

Jefferson, Shawn Shawn.Jefferson at bcferries.com
Fri Jul 18 14:07:46 EDT 2008


Can your honeypots access your websites using the ip addresses?  That should tell you if it's a DNS issue or not.  Did you configure blacklists or fencelists?

 

________________________________

From: honeywall-bounces at public.honeynet.org [mailto:honeywall-bounces at public.honeynet.org] On Behalf Of Dan Kay
Sent: July 17, 2008 12:38 PM
To: honeywall at public.honeynet.org
Subject: [Honeywall] RE: SEBEK SERVER & TRIPWIRE Configuration

 

Thanks Guys.  It's not vmware.  I have two Windows boxes. Which config do you need?  I have installed 1.4 with the same result.  I allowed the honeypots access to the DNS servers (ISP's). Please help.


> From: honeywall-request at public.honeynet.org
> Subject: Honeywall Digest, Vol 14, Issue 17
> To: honeywall at public.honeynet.org
> Date: Thu, 17 Jul 2008 12:00:03 -0400
> 
> Today's Topics:
> 
> 1. Re: Re: Honeywall Digest, Vol 14, Issue 15 (Rob McMillen)
> 2. Re: SEBEK SERVER & TRIPWIRE Configuratio (Rob McMillen)
> 3. RE: SEBEK SERVER & TRIPWIRE Configuration (Jefferson, Shawn)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 17 Jul 2008 08:13:42 -0400
> From: "Rob McMillen" <rvmcmil at gmail.com>
> Subject: Re: [Honeywall] Re: Honeywall Digest, Vol 14, Issue 15
> To: "Mailing list for users and developers of the Honeywall"
> <honeywall at public.honeynet.org>
> Message-ID:
> <bf6b07a70807170513p7a52feb7qa2e80078b544aa05 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Did you edit sbk_install.sh and at a minimum change DESTINATION_PORT?
> The one that was in the archive.
> 
> On Wed, Jul 16, 2008 at 6:44 PM, Gayan Sahabandu <gayan.leo at gmail.com> wrote:
> > Hi David,
> > I got a good idea about it now after your explanation.
> 
> I guess this means the HOWTO is not clear?
> 
> Rob
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 17 Jul 2008 08:17:14 -0400
> From: "Rob McMillen" <rvmcmil at gmail.com>
> Subject: Re: [Honeywall] SEBEK SERVER & TRIPWIRE Configuratio
> To: "Mailing list for users and developers of the Honeywall"
> <honeywall at public.honeynet.org>
> Message-ID:
> <bf6b07a70807170517p15bf2c93sd4e0222adf4ded2b at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On Wed, Jul 16, 2008 at 7:22 PM, Dan Kay <ctk11 at hotmail.com> wrote:
> > Thanks Jeff for your prompt response. The roo 1.3 has tripwire installed
> > like the 1.4.
> 
> Why 1.3 and not 1.4? Did you do something in 1.4 that did not work
> and you had to revert to 1.3?
> 
> > What I want to know is Do I need to configure it or does it
> > work out of the box.
> 
> I am fairly sure that tripwire is not configured ready out of the box.
> 
> > Also my honeypots cannot access any website. Though
> > I was able to ping the DNS servers and these websites from the honeypots
> > using their IP addresses but not with the names. Has this got to do with
> > the DNS? Do I need to set another DNS apart from my ISP's DNS? Other
> > systems outside the honeywall with same DNS can access the internet.
> 
> Are you doing this in vmware? What is your configuration?
> 
> Rob
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 17 Jul 2008 09:43:39 -0600
> From: "Jefferson, Shawn" <Shawn.Jefferson at bcferries.com>
> Subject: RE: [Honeywall] SEBEK SERVER & TRIPWIRE Configuration
> To: "Mailing list for users and developers of the Honeywall"
> <honeywall at public.honeynet.org>
> Message-ID:
> <C374BD52DCE71A49B5C2DEF35D971B750D7FE598 at HEXMBVS01.hostedmsx.local>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hi,
> 
> 
> 
> You definitely need to configure tripwire. Check out this link:
> http://www.honeynet.org/tools/cdrom/roo/manual/txt/tripwire.txt
> 
> 
> 
> Do you have your Honeynet DNS configured? You need to tell Honeywall
> which systems in your honeynet you want to be able to access DNS, and
> which DNS servers they can access. You should be able to use your ISP's
> DNS.
> 
> 
> 
> ________________________________
> 
> From: honeywall-bounces at public.honeynet.org
> [mailto:honeywall-bounces at public.honeynet.org] On Behalf Of Dan Kay
> Sent: July 16, 2008 4:22 PM
> To: honeywall at public.honeynet.org
> Subject: [Honeywall] SEBEK SERVER & TRIPWIRE Configuration
> 
> 
> 
> Thanks Jeff for your prompt response. The roo 1.3 has tripwire
> installed like the 1.4. What I want to know is: do I need to configure
> it or does it work out of the box? Also my honeypots cannot access any
> website. Though I was able to ping the DNS servers and these websites
> from the honeypots using their IP addresses but not with the names. Has
> this got to do with the DNS? Do I need to set another DNS apart from my
> ISP's DNS? Other systems outside the honeywall with same DNS can access
> the internet. Please help again Jeff and all! Thanks.
> 


