[Honeywall] 4-5 Computers Honeynet Setup

r00t r00t at ellicit.org
Fri Jun 26 03:29:56 EDT 2009


What kind of requirements do I need for the switch, I showed a
networking friend of mine and he said that in order to connect to the
honeywall via eth2, the switch should support port based vlans.  Is
this accurate?

On Thu, Jun 25, 2009 at 9:06 PM, r00t <r00t at ellicit.org> wrote:
>
> James,
>
> That makes more sense, thank you.
> However, I still have a few questions about the network in this diagram above the honeywall:
>
> http://files.getdropbox.com/u/12240/Screenshot.png
>
> Could you describe where eth2 and eth0 go? And how this generally works with the switch?
>
> I am creating my own model of how the network will work, any advice is appreciated:
>
> http://files.getdropbox.com/u/12240/AbsHoneynet.jpeg
>
> I'm not quite sure I understand where eth2 going.
> Since the honeywall is a remote location, I will be accessing it via its IP (of course restricted to a certain IP).
>
> As I can tell, this is the only way in the honeywall, and thus the only way to connect to Walleye (correct me if I am wrong).
>
> Thanks
>
>
> 2009/6/25 JT <tyra0002 at umn.edu>
>>
>> Well without knowing more info I would install roo to the most powerful machine (must have 3 network cards) and place windows on the rest. Then infect the windows with malware of your choice. VMs add un-needed complexity in my opinion.
>>
>> Each windows machine has a separate public IP, but the connections are physically routed through the roo computer, via a switch.
>>
>> The big managed switch that hooks us to the net has been configured to forward multiple ips to 1 physical port (one hooked to roo). Roo has bridging setup by default so all traffic flows correctly.
>>
>> So roo is inserted in series (EE term) to both ends of the connection. It can snort-inline data and rate limit via tc.
>>
>>
>> This is the exact setup we are running.
>> (I skipped some details, if you want more info just ask. Roo has a very very steep learning curve.)
>>
>> -James
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>> -----Original Message-----
>> From: r00t <r00t at ellicit.org>
>>
>> Date: Thu, 25 Jun 2009 13:15:31
>> To: Mailing list for users and developers of the Honeywall<honeywall at public.honeynet.org>
>> Subject: [Honeywall] 4-5 Computers Honeynet Setup
>>
>>
>> _______________________________________________
>> Honeywall mailing list
>> Honeywall at public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/honeywall
>>
>>
>> _______________________________________________
>> Honeywall mailing list
>> Honeywall at public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/honeywall
>>
>


More information about the Honeywall mailing list