Honeyd script problems
Hello,
I'm running fedora core 3 with honeyd(1.5a) and arpd(0.2).
Arpd seems to be running fine. by looking at the debugging output it is sending out the arp responses just fine.
Honeyd however seems to grab them... sort of. Honeyd doesn't respond to nmap scans so nmap constantly says there is no hosts. However, when i attempt to connect to honeyd on a specified service, i get the following error.
arpd
--------------------------------
[root@localhost zombie]# arpd -d -i eth0 192.168.5.0/24
arpd[3720]: listening on eth0: arp and (dst net 192.168.5.0/24) and not ether src 00:e0:29:42:26:13
arpd[3720]: arpd_lookup: no entry for 192.168.5.151
arpd[3720]: arpd_send: who-has 192.168.5.151 tell 192.168.5.107
arpd[3720]: arpd_send: who-has 192.168.5.151 tell 192.168.5.107
arpd[3720]: arp reply 192.168.5.151 is-at 00:e0:29:42:26:13
honeyd
---------------------------------
honeyd[3736]: Connection request: tcp (192.168.5.113:3777 - 192.168.5.151:23)
honeyd[3736]: Connection established: tcp (192.168.5.113:3777 - 192.168.5.151:23) <-> perl /home/zombie/honeyd_kit-1.0c-a/scripts/router/cisco/router-telnet.pl
honeyd[3736]: E(192.168.5.113:3777 - 192.168.5.151:23): Can't open perl script "/home/zombie/honeyd_kit-1.0c-a/scripts/router/cisco/router-telnet.pl": Permission denied.
Use -S to search $PATH for it.
As you can see... A client (192.168.5.113) is looking for a host 192.168.5.151. The honeypot 192.168.5.107 intercepts the request, introduces itself as 192.168.5.151.
When the script is attempted to be ran, it errors with a "Permission denied. Use -S to search $PATH for it."
Does this mean that it doesn't have access to the PERL executable or is something is going wrong?
the UID and GID are both 99.
Thank you,
Sean
|