From: Michael Clark (mikehoneynet.org)
Date: Fri May 03 2002 - 10:16:26 CDT

    Geoff,

    On 3 May 2002, Geoffrey Hing wrote:

    > I am building a honeynet using user-mode-linux and have gotten the
    > networking set up. Based on reading the UML documentation, I have the
    > networking configured to use tun/tap for networking between the physical
    > host and a virtual host acting as a gateway and the switch daemon to
    > network the virtual hosts. Now I am ready to start setting up the
    > firewall and the IDS (I plan to use snort), but I am unsure of where I
    > should do this. The obvious choice to me seems to be on the virtual
    > gateway. As far as I know, the physical host isn't able to see the
    > network traffic between the virtual hosts networked with the switch
    > daemon so to see this traffic I should have the IDS on the virtual
    > gateway which has both a tap interface and an interface that uses the
    > switch daemon.

    I think you are able to set the uml_switch to act as a hub with the -hub
    option.

    > Similarly, since the virtual gateway is the gateway for
    > all the other honeypots it seems the natural place to implement the
    > firewall rules. Does this seem right? Has anyone had better success
    > with other configurations using user mode linux?

    I put together a shell script that sets up networking for a uml honeynet.
    You can find it at http://pobox.upenn.edu/~clarkmic/

    Hope that helps,

    Mike

    >
    > Cheers,
    > Geoff
    >
    >
    >
