[Honeywall] Know Your Enemy: GenII Honeynet -- Clarification

Earl Sammons earl.sammons at gmail.com
Mon Apr 26 14:39:48 EDT 2010


Vincent,

In it's most common form, the Honeywall is a "Three Legged Dog" where,
as you suspect, two legs form a Layer2 bridge over which "Dirty"
traffic (and maybe other traffic) flows between bad guys and
Honeypots.  The third leg usually has an IP assigned and is used for
management.

Not sure how you can run without MACs.  I suspect the paper should
read "no IP address" instead of "no MAC addresses"?

Earl

On Mon, Apr 26, 2010 at 1:36 PM, Vincent R Ragosta <vrr6 at pitt.edu> wrote:
> I was reviewing the article above on the Honeynet.org website and am a
> bit confused by something I read.  It states that one of the reasons
> that they honeywall is difficult to detect is because there is no MAC
> address associated with the gateway.  Is this a misprint?  I thought the
> honeywall was a layer2 bridge and therefore would have a MAC address
> associated with it.
>
> Can someone please clarify what the article was trying to convey?
>
> Thanks.
>
> Vincent
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>


More information about the Honeywall mailing list