[Honeywall] Re: Honeywall Digest, Vol 13, Issue 14

O.Kamal okamalo at gmail.com
Thu Jun 26 11:13:47 EDT 2008


Check VMware networking paper:
http://www.vmweekly.com/pdf/networking_in_vmware.pdf


On Tue, Jun 24, 2008 at 5:43 PM, Rafik AIT DJOUDI <r.aitdjoudi at gmail.com> wrote:
> Hello!
> Can we implement all machines (Attacker, Honeywall, Honeypots) with virtual
> machines in VMware. We have only one physical network interface of the host
> machine.
> In this case, we don't see how to bridge the internal interface eth0  of the
> honeywall to the virtual adapter of the honeypots LAN gateway.
> we are waiting for suggestions how to implement the whole honeynet network
> in Vmware.
>
> Thanks.
>
>
> 2008/6/16 <honeywall-request at public.honeynet.org>:
>>
>> Send Honeywall mailing list submissions to
>>        honeywall at public.honeynet.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>        https://public.honeynet.org/mailman/listinfo/honeywall
>> or, via email, send a message with subject or body 'help' to
>>        honeywall-request at public.honeynet.org
>>
>> You can reach the person managing the list at
>>        honeywall-owner at public.honeynet.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Honeywall digest..."
>>
>>
>> Today's Topics:
>>
>>   1. Re: Re: Honeywall Digest, Vol 13, Issue 12 (Bjoern Weiland)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 16 Jun 2008 16:43:39 +0200
>> From: Bjoern Weiland <bjoern.weiland at rz.uni-karlsruhe.de>
>> Subject: Re: [Honeywall] Re: Honeywall Digest, Vol 13, Issue 12
>> To: Mailing list for users and developers of the Honeywall
>>        <honeywall at public.honeynet.org>
>> Message-ID: <48567C1B.3060407 at rz.uni-karlsruhe.de>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> > _Honeypots_:
>> >
>> >     * Windows honeypot: 192.168.100.10 <http://192.168.100.10> (a
>> >       default gateway is eth1:192.168.100.1 <http://192.168.100.1>)
>> >       (with IIS web server  installed )
>> >     * Linux honeypot: 192.168.100.20 <http://192.168.100.20> (a default
>> >       gateway is eth1:192.168.100.1 <http://192.168.100.1>) (with apache
>> >       web server installed)
>>
>> Misconception! eth1 (of honeywall) will not have an IP. Use your normal
>> gateway of the Honeypot LAN's subnet
>>
>> > _Honeywall:_ with three interfaces:
>> >
>> >     * internal interface eth1 (with host only mode): 192.168.100.1
>> >       <http://192.168.100.1>
>> >     * external interface eth0 (with bridge mode): 10.0.1.30
>> >       <http://10.0.1.30>
>>
>> There should be no IP on these virtual interfaces!
>>
>> HowTo:
>> In Vmware, create 3 virtual adapters in the following order (The order
>> seems to be important):
>> 1) bridged to the interface that is connected to the Honeypot LAN (this
>> will be taken over by honeywall as eth0)
>> 2) host-only (eth1)
>> 3) bridged to the interface that is connected to the mgmt LAN (eth2)
>>
>> Then install honeywall and configure. It will autmatically bridge eth0
>> and eth1, therefore, these interfaces will have no IP and will belong to
>> the same network. Configure your honeypot to have an IP of the
>> corresponding honeypot LAN (not the mgmt LAN). This is the IP an
>> attacker will attack. The gateway should be located in this LAN as well.
>>
>>  -best regards, bjoern
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> Honeywall mailing list
>> Honeywall at public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/honeywall
>>
>>
>> End of Honeywall Digest, Vol 13, Issue 14
>> *****************************************
>
>
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>
>


More information about the Honeywall mailing list