I'm trying to setup honeytrap on a debian box. I'm using honeytrap 1.0,
on a virtual interface with a private IP address.
I have some issues simulating talks with honeytrap. Whenever I try to
contact any of the ports honeytrap is monitoring on his IP address, I
see an error in the logfile stating that honeytrap is unable to bind.
See the logs below when I'm trying to simulate an attack on pop3 service:
[2008-07-28 12:40:12] 32319 172.17.20.6:3040 requesting tcp connection
[2008-07-28 12:40:12] 32319 Port 110/tcp is configured to be handled in
[2008-07-28 12:40:12] 32329 Requesting tcp socket.
[2008-07-28 12:40:12] 32329 Unable to bind to port 28160/tcp: Address
already in use.
[2008-07-28 12:40:12] 32319 Process 32319 received signal 17 on pipe.
[2008-07-28 12:40:12] 32319 SIGCHILD received.
[2008-07-28 12:40:12] 32319 Process 32329 terminated.
[2008-07-28 12:40:12] 32319 Warning - Process 32329 exited on failure.
And I have the same problem on every port I try to connect to. I started
honeypot with the following command:
honeytrap -a 172.17.20.72 -u honeyd -g honeyd -t 6 -C
/usr/local/etc/honeytrap/honeytrap.conf -D -L
Am I doing something wrong here ?
From: Tillmann Werner <tillmann.werner@gm...> - 2008-07-28 16:47:22
> I'm trying to setup honeytrap on a debian box. I'm using honeytrap 1.0,
> on a virtual interface with a private IP address.
Numerous bugs were fixed since 1.0, but there is no 1.1 release yet. Do
a subversion checkout like this
svn co https://svn.mwcollect.org/honeytrap/trunk honeytrap
and configure && make that code.
> honeytrap -a 172.17.20.72 -u honeyd -g honeyd -t 6 -C
> /usr/local/etc/honeytrap/honeytrap.conf -D -L
That looks OK. By the way, you use the pcap stream monitor, right? On
Linux you might want to give the nfq stream monitor a try.
Get latest updates about Open Source Projects, Conferences and News.