[Honeywall] Re: Honeywall Digest, Vol 13, Issue 14

Rafik AIT DJOUDI r.aitdjoudi at gmail.com
Tue Jun 24 10:43:08 EDT 2008


Hello!
Can we implement all machines (Attacker, Honeywall, Honeypots) with virtual
machines in VMware. We have only one physical network interface of the host
machine.
In this case, we don't see how to bridge the internal interface eth0  of the
honeywall to the virtual adapter of the honeypots LAN gateway.
we are waiting for suggestions how to implement the whole honeynet network
in Vmware.

Thanks.



2008/6/16 <honeywall-request at public.honeynet.org>:

> Send Honeywall mailing list submissions to
>        honeywall at public.honeynet.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://public.honeynet.org/mailman/listinfo/honeywall
> or, via email, send a message with subject or body 'help' to
>        honeywall-request at public.honeynet.org
>
> You can reach the person managing the list at
>        honeywall-owner at public.honeynet.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Honeywall digest..."
>
>
> Today's Topics:
>
>   1. Re: Re: Honeywall Digest, Vol 13, Issue 12 (Bjoern Weiland)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 16 Jun 2008 16:43:39 +0200
> From: Bjoern Weiland <bjoern.weiland at rz.uni-karlsruhe.de>
> Subject: Re: [Honeywall] Re: Honeywall Digest, Vol 13, Issue 12
> To: Mailing list for users and developers of the Honeywall
>        <honeywall at public.honeynet.org>
> Message-ID: <48567C1B.3060407 at rz.uni-karlsruhe.de>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> > _Honeypots_:
> >
> >     * Windows honeypot: 192.168.100.10 <http://192.168.100.10> (a
> >       default gateway is eth1:192.168.100.1 <http://192.168.100.1>)
> >       (with IIS web server  installed )
> >     * Linux honeypot: 192.168.100.20 <http://192.168.100.20> (a default
> >       gateway is eth1:192.168.100.1 <http://192.168.100.1>) (with apache
> >       web server installed)
>
> Misconception! eth1 (of honeywall) will not have an IP. Use your normal
> gateway of the Honeypot LAN's subnet
>
> > _Honeywall:_ with three interfaces:
> >
> >     * internal interface eth1 (with host only mode): 192.168.100.1
> >       <http://192.168.100.1>
> >     * external interface eth0 (with bridge mode): 10.0.1.30
> >       <http://10.0.1.30>
>
> There should be no IP on these virtual interfaces!
>
> HowTo:
> In Vmware, create 3 virtual adapters in the following order (The order
> seems to be important):
> 1) bridged to the interface that is connected to the Honeypot LAN (this
> will be taken over by honeywall as eth0)
> 2) host-only (eth1)
> 3) bridged to the interface that is connected to the mgmt LAN (eth2)
>
> Then install honeywall and configure. It will autmatically bridge eth0
> and eth1, therefore, these interfaces will have no IP and will belong to
> the same network. Configure your honeypot to have an IP of the
> corresponding honeypot LAN (not the mgmt LAN). This is the IP an
> attacker will attack. The gateway should be located in this LAN as well.
>
>  -best regards, bjoern
>
>
> ------------------------------
>
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>
>
> End of Honeywall Digest, Vol 13, Issue 14
> *****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://public.honeynet.org/pipermail/honeywall/attachments/20080624/54d0f785/attachment.html


More information about the Honeywall mailing list