[Honeywall] 4-5 Computers Honeynet Setup

r00t r00t at ellicit.org
Fri Jun 26 03:06:13 EDT 2009


James,

That makes more sense, thank you.
However, I still have a few questions about the network in this diagram
above the honeywall:

http://files.getdropbox.com/u/12240/Screenshot.png

Could you describe where eth2 and eth0 go? And how this generally works with
the switch?

I am creating my own model of how the network will work, any advice is
appreciated:

http://files.getdropbox.com/u/12240/AbsHoneynet.jpeg

I'm not quite sure I understand where eth2 going.
Since the honeywall is a remote location, I will be accessing it via its IP
(of course restricted to a certain IP).

As I can tell, this is the only way in the honeywall, and thus the only way
to connect to Walleye (correct me if I am wrong).

Thanks


2009/6/25 JT <tyra0002 at umn.edu>

> Well without knowing more info I would install roo to the most powerful
> machine (must have 3 network cards) and place windows on the rest. Then
> infect the windows with malware of your choice. VMs add un-needed complexity
> in my opinion.
>
> Each windows machine has a separate public IP, but the connections are
> physically routed through the roo computer, via a switch.
>
> The big managed switch that hooks us to the net has been configured to
> forward multiple ips to 1 physical port (one hooked to roo). Roo has
> bridging setup by default so all traffic flows correctly.
>
> So roo is inserted in series (EE term) to both ends of the connection. It
> can snort-inline data and rate limit via tc.
>
>
> This is the exact setup we are running.
> (I skipped some details, if you want more info just ask. Roo has a very
> very steep learning curve.)
>
> -James
>
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: r00t <r00t at ellicit.org>
>
> Date: Thu, 25 Jun 2009 13:15:31
> To: Mailing list for users and developers of the Honeywall<
> honeywall at public.honeynet.org>
> Subject: [Honeywall] 4-5 Computers Honeynet Setup
>
>
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>
>
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://public.honeynet.org/pipermail/honeywall/attachments/20090625/43848e95/attachment.html


More information about the Honeywall mailing list