LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-11-2006, 03:40 PM   #1
showard
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Rep: Reputation: 0
Honeyd script problems


Hello,

I'm running fedora core 3 with honeyd(1.5a) and arpd(0.2).

Arpd seems to be running fine. by looking at the debugging output it is sending out the arp responses just fine.

Honeyd however seems to grab them... sort of. Honeyd doesn't respond to nmap scans so nmap constantly says there is no hosts. However, when i attempt to connect to honeyd on a specified service, i get the following error.

arpd
--------------------------------
[root@localhost zombie]# arpd -d -i eth0 192.168.5.0/24
arpd[3720]: listening on eth0: arp and (dst net 192.168.5.0/24) and not ether src 00:e0:29:42:26:13
arpd[3720]: arpd_lookup: no entry for 192.168.5.151
arpd[3720]: arpd_send: who-has 192.168.5.151 tell 192.168.5.107
arpd[3720]: arpd_send: who-has 192.168.5.151 tell 192.168.5.107
arpd[3720]: arp reply 192.168.5.151 is-at 00:e0:29:42:26:13


honeyd
---------------------------------
honeyd[3736]: Connection request: tcp (192.168.5.113:3777 - 192.168.5.151:23)
honeyd[3736]: Connection established: tcp (192.168.5.113:3777 - 192.168.5.151:23) <-> perl /home/zombie/honeyd_kit-1.0c-a/scripts/router/cisco/router-telnet.pl
honeyd[3736]: E(192.168.5.113:3777 - 192.168.5.151:23): Can't open perl script "/home/zombie/honeyd_kit-1.0c-a/scripts/router/cisco/router-telnet.pl": Permission denied.
Use -S to search $PATH for it.


As you can see... A client (192.168.5.113) is looking for a host 192.168.5.151. The honeypot 192.168.5.107 intercepts the request, introduces itself as 192.168.5.151.

When the script is attempted to be ran, it errors with a "Permission denied. Use -S to search $PATH for it."

Does this mean that it doesn't have access to the PERL executable or is something is going wrong?

the UID and GID are both 99.

Thank you,

Sean
 
Old 04-11-2006, 03:47 PM   #2
showard
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
one more thing

One more thing...

the scripts work fine when i run them command line.

perl /home/zombie/...../router-telnet.pl

-Sean
 
Old 04-11-2006, 08:32 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,349

Rep: Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750Reputation: 2750
Double check ownerships & perms ie is perl script & honeyd both uid=99, gid=99?
Perms= -rwxr-x--- ?
What about the parent dir?
Does honeyd have perl exe in it's $PATH?
 
Old 04-11-2006, 09:59 PM   #4
showard
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Smile chown nobody /home/zombie/honeyd_kit-1.0a/

Man... the rights did me in... as usual.

chown nobody /home/zombie/honeyd_kit-1.0a/

And everything was happy... almost.

That fixed the permission denied thing.

But now.. i can only ping virtual hosts.

When i nmap, it goes to scanned 1 host (0 hosts up).

Any ideas?

-Sean

ps. Thanks for your help on the last problem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is anyone using honeyd or the Honeywall CD-Rom Roo? thorn168 Linux - Security 3 03-13-2012 01:19 AM
Installation of HoneyD on Fc3 navinxavier Linux - Software 1 12-01-2004 06:20 PM
easy honeyd question captgoodnight Linux - Security 1 03-14-2004 03:29 PM
Need help on scripts for honeyd aikshin Linux - Security 1 12-16-2003 05:17 PM
Anyone good at honeyd james_cwy Linux - Security 4 11-12-2003 07:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration