昨天装好Redhat之后在系统中安装了honeyd。
按照《Virtual Honeypos-From Botnet Tracking to Intrusion Detection》一书的instruction,首先是下载并安装了3个包——libevent,libdnet和libpcap。然后下载安装了honeyd。
配置主机,让它不向前发送ip包(forward IP packets不知道该怎么理解)
| echo 0> /proc/sys/net/ipv4/ip_forward |
按照书上运行honeyd
|
$ sudo ./honeyd -d -f config.sample
Password:
Honeyd V1.0 Copyright (c) 2002-2004 Niels Provos
honeyd[8222]: started with -d -f config.sample
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0"
honeyd[8222]: listening promiscuously on fxp0: (arp or ip proto 47 or (udp
and src port 67 and dst port 68) or (ip ))
honeyd[8222]: HTTP server listening on port 80
honeyd[8222]: HTTP server root at /usr/local/share/honeyd/webserver/htdocs
honeyd[8222]: Demoting process privileges to uid 32767, gid 32767 |
但是我的运行结果却是:
[root@localhost ~]# honeyd -d -f config.sample
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[15661]: started with -d -f config.sample
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd: interface_new: bad interface configuration: peth0 is not IP |
貌似是没有运行起来,最后一句“honeyd: interface_new: bad interface configuration: peth0 is not IP”是什么意思呢?我对linux了解不多,对interface, phth0 等概念更是不清楚。看来要仔细查查了。
阅读(1202) | 评论(0) | 转发(0) |
