Home / Browse / honeytrap / Mail / Archive

honeytrap

Email Archive: honeytrap-devel (read-only)

2006:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep (1)	_Oct (1)	_Nov	_Dec
2007:	_Jan	_Feb	_Mar	_Apr (2)	_May	_Jun	_Jul	_Aug (2)	_Sep	_Oct (4)	_Nov (1)	_Dec
2008:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul (18)	_Aug (1)	_Sep	_Oct	_Nov (5)	_Dec
2009:	_Jan (2)	_Feb	_Mar	_Apr (5)	_May	_Jun	_Jul	_Aug	_Sep (7)	_Oct (1)	_Nov (1)	_Dec
2010:	_Jan (1)	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec
2011:	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug (6)	_Sep	_Oct (3)	_Nov (3)	_Dec

[honeytrap-devel] Honeytrap unable to bind

From: tatooin <tatooin@fr...> - 2008-07-28 10:56

Hi All,

I'm trying to setup honeytrap on a debian box. I'm using honeytrap 1.0, 
on a virtual interface with a private IP address.

I have some issues simulating talks with honeytrap. Whenever I try to 
contact any of the ports honeytrap is monitoring on his IP address, I 
see an error in the logfile stating that honeytrap is unable to bind. 
See the logs below when I'm trying to simulate an attack on pop3 service:

[2008-07-28 12:40:12] 32319  172.17.20.6:3040 requesting tcp connection 
on 172.17.20.72:110.
[2008-07-28 12:40:12] 32319  Port 110/tcp is configured to be handled in 
normal mode.
[2008-07-28 12:40:12] 32329  Requesting tcp socket.
[2008-07-28 12:40:12] 32329  Unable to bind to port 28160/tcp: Address 
already in use.
[2008-07-28 12:40:12] 32319  Process 32319 received signal 17 on pipe.
[2008-07-28 12:40:12] 32319  SIGCHILD received.
[2008-07-28 12:40:12] 32319  Process 32329 terminated.
[2008-07-28 12:40:12] 32319  Warning - Process 32329 exited on failure.

And I have the same problem on every port I try to connect to. I started 
honeypot with the following command:

honeytrap -a 172.17.20.72 -u honeyd -g honeyd -t 6 -C 
/usr/local/etc/honeytrap/honeytrap.conf -D -L 
/var/log/honeytrap/honeytrap.log

Am I doing something wrong here ?

Thanks !

Re: [honeytrap-devel] Honeytrap unable to bind

From: Tillmann Werner <tillmann.werner@gm...> - 2008-07-28 16:47

Hi,

> I'm trying to setup honeytrap on a debian box. I'm using honeytrap 1.0, 
> on a virtual interface with a private IP address.

Numerous bugs were fixed since 1.0, but there is no 1.1 release yet. Do 
a subversion checkout like this

	svn co https://svn.mwcollect.org/honeytrap/trunk honeytrap

and configure && make that code.

> honeytrap -a 172.17.20.72 -u honeyd -g honeyd -t 6 -C 
> /usr/local/etc/honeytrap/honeytrap.conf -D -L 
> /var/log/honeytrap/honeytrap.log

That looks OK. By the way, you use the pcap stream monitor, right? On 
Linux you might want to give the nfq stream monitor a try.

Regards,
Tillmann