[Honeywall] Know Your Enemy: GenII Honeynet -- Clarification

Earl Sammons earl.sammons at gmail.com
Mon Apr 26 14:39:48 EDT 2010


In it's most common form, the Honeywall is a "Three Legged Dog" where,
as you suspect, two legs form a Layer2 bridge over which "Dirty"
traffic (and maybe other traffic) flows between bad guys and
Honeypots.  The third leg usually has an IP assigned and is used for

Not sure how you can run without MACs.  I suspect the paper should
read "no IP address" instead of "no MAC addresses"?


On Mon, Apr 26, 2010 at 1:36 PM, Vincent R Ragosta <vrr6 at pitt.edu> wrote:
> I was reviewing the article above on the Honeynet.org website and am a
> bit confused by something I read.  It states that one of the reasons
> that they honeywall is difficult to detect is because there is no MAC
> address associated with the gateway.  Is this a misprint?  I thought the
> honeywall was a layer2 bridge and therefore would have a MAC address
> associated with it.
> Can someone please clarify what the article was trying to convey?
> Thanks.
> Vincent
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall

More information about the Honeywall mailing list