[Honeywall] 4-5 Computers Honeynet Setup

JT tyra0002 at umn.edu
Fri Jun 26 13:13:08 EDT 2009


On Thu, 2009-06-25 at 21:29 -1000, r00t wrote:
> What kind of requirements do I need for the switch, I showed a
> networking friend of mine and he said that in order to connect to the
> honeywall via eth2, the switch should support port based vlans.  Is
> this accurate?

I would not say this is a "requirement," but a good idea. 

If you hook eth0 and eth2 into the same switch on the same vlan (or to a
switch with no vlans) it will work. It is just a bad idea because now
your Honeywall and Honeypots are on the same subnet. This makes it easy
for the bad guys to find the honeyport, among other things. 


-JT
> 
> On Thu, Jun 25, 2009 at 9:06 PM, r00t <r00t at ellicit.org> wrote:
> >
> > James,
> >
> > That makes more sense, thank you.
> > However, I still have a few questions about the network in this diagram above the honeywall:
> >
> > http://files.getdropbox.com/u/12240/Screenshot.png
> >
> > Could you describe where eth2 and eth0 go? And how this generally works with the switch?
> >
> > I am creating my own model of how the network will work, any advice is appreciated:
> >
> > http://files.getdropbox.com/u/12240/AbsHoneynet.jpeg
> >
> > I'm not quite sure I understand where eth2 is going.
> > Since the honeywall is a remote location, I will be accessing it via its IP (of course restricted to a certain IP).
> >
> > As far as I can tell, this is the only way into the honeywall, and thus the only way to connect to Walleye (correct me if I am wrong).
> >
> > Thanks
> >
> >
> > 2009/6/25 JT <tyra0002 at umn.edu>
> >>
> >> Well, without knowing more info I would install roo to the most powerful machine (must have 3 network cards) and place Windows on the rest. Then infect the Windows machines with malware of your choice. VMs add unneeded complexity in my opinion.
> >>
> >> Each Windows machine has a separate public IP, but the connections are physically routed through the roo computer, via a switch.
> >>
> >> The big managed switch that hooks us to the net has been configured to forward multiple IPs to 1 physical port (one hooked to roo). Roo has bridging set up by default so all traffic flows correctly.
> >>
> >> So roo is inserted in series (EE term) to both ends of the connection. It can snort-inline data and rate limit via tc.
> >>
> >>
> >> This is the exact setup we are running.
> >> (I skipped some details, if you want more info just ask. Roo has a very very steep learning curve.)
> >>
> >> -James
> >>
> >> -----Original Message-----
> >> From: r00t <r00t at ellicit.org>
> >>
> >> Date: Thu, 25 Jun 2009 13:15:31
> >> To: Mailing list for users and developers of the Honeywall<honeywall at public.honeynet.org>
> >> Subject: [Honeywall] 4-5 Computers Honeynet Setup
> >>
> >>
> >> _______________________________________________
> >> Honeywall mailing list
> >> Honeywall at public.honeynet.org
> >> https://public.honeynet.org/mailman/listinfo/honeywall
> >>
> >>
> >
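The point made in the reply above (eth0 and eth2 on the same VLAN, or on a switch with no VLANs, puts the Honeywall and the honeypots on one subnet) can be checked against a planned layout before cabling. This is an added example, not part of the original thread or of the Honeywall project; the function name, the plan format, and all VLAN IDs and addresses are constructed assumptions.

```python
import ipaddress

def audit_plan(port_vlans, mgmt_iface, bridge_iface, mgmt_cidr, honeypot_ips):
    """Return findings for a planned Honeywall switch layout (hypothetical helper).

    port_vlans   : dict mapping Honeywall NIC name -> VLAN id of its switch port,
                   or None for an untagged port on a switch without VLANs
    mgmt_cidr    : address/prefix planned for the management interface
    honeypot_ips : dict mapping honeypot name -> IP address
    """
    findings = []
    mgmt_vlan = port_vlans.get(mgmt_iface)
    bridge_vlan = port_vlans.get(bridge_iface)
    # Same VLAN id (or both None, i.e. a flat switch) means one broadcast domain.
    if mgmt_vlan == bridge_vlan:
        findings.append(
            f"{mgmt_iface} and {bridge_iface} share a layer-2 segment (VLAN {mgmt_vlan})"
        )
    # Independently of the switch, flag honeypots addressed inside the
    # management subnet: they could reach the management interface directly.
    mgmt_net = ipaddress.ip_interface(mgmt_cidr).network
    for name, ip in sorted(honeypot_ips.items()):
        if ipaddress.ip_address(ip) in mgmt_net:
            findings.append(f"honeypot {name} ({ip}) is inside management subnet {mgmt_net}")
    return findings

# Constructed sample plans using documentation address ranges.
FLAT_PLAN = dict(
    port_vlans={"eth0": None, "eth2": None},       # switch with no VLANs
    mgmt_iface="eth2", bridge_iface="eth0",
    mgmt_cidr="192.0.2.5/24",
    honeypot_ips={"win1": "192.0.2.11", "win2": "192.0.2.12"},
)
SEPARATED_PLAN = dict(
    port_vlans={"eth0": 10, "eth2": 20},           # port-based VLANs
    mgmt_iface="eth2", bridge_iface="eth0",
    mgmt_cidr="198.51.100.5/24",
    honeypot_ips={"win1": "192.0.2.11", "win2": "192.0.2.12"},
)

if __name__ == "__main__":
    for label, plan in (("flat", FLAT_PLAN), ("separated", SEPARATED_PLAN)):
        print(label, audit_plan(**plan) or "no findings")
```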


