[Netkit.users] Making netkit communicate with honeyd
Deependra Singh Shekhawat
deepsa at fedoraproject.org
Fri Jun 12 10:52:21 CEST 2009
On 06/12/2009 02:14 PM, Massimo Rimondini wrote:
> Dear Deependra,
>
> I think I need some more clarification about the scenario.
>
>> I would like backtrack 3 to act as the media for the communication
>> between honeyd and netkit.
>
> So, Backtrack should act as a router between the Netkit and honeyd networks.
>
>> Honeyd simulates multiple routers which are connected in following way:
>>
>> router 1 - 10.0.0.1 (this is the entry router)
>> router 2 - 10.1.0.1 connected to router 1
>> router 3 - 10.2.0.1 connected to router 2
>> router 4 - 10.3.0.1 connected to router 3
>> router 5 - 10.4.0.1 connected to router 4
>> router 6 - 10.5.0.1 connected to router 4
>
> Ok. I don't know in detail how honeyd operates, but I see that all the
> routers are on the same subnet (10.0.0.0/8), and there are two things that
> sound strange to me in such a setting: (1) routers usually "separate"
> subnets and (2) to establish a chain of routers you need to equip each one
> with at least two network interfaces. Now, this configuration may be
> completely legal in honeyd, but I still miss the semantics.
>
>> Now router 5 and router connects to the first machine in netkit that is
>> 192.168.3.1
>
> "and router ..."? You probably meant router 1.
>
>> This makes 2 possible paths to the netkit VM (192.168.3.1) via the
>> honeyd network. Now when I ping 192.168.3.1 it should go through the
>> honeyd network first (kind of like honeyd , entry router, acting as my
>> default gateway) and then to the netkit VM,
>
> Where do you ping 192.168.3.1 from? From inside the honeyd network?
>
> Overall, the only thing that I can suggest at this stage is to check whether
> there are enough static routes in your Backtrack host and in Netkit to
> instruct them about where to send traffic directed to other subnets. Failing
> ARP resolutions may also be a reason for the problems you are reporting.
>
> Regards,
> Massimo.
Hi Massimo,

I thank you very much for your quick reply and am extremely sorry for not
providing the correct details. I just looked back at my mail and found
I posted some incorrect details about my honeyd config; please find it
below:

# Router/Routes Setup
route entry 10.0.0.1
route 10.0.0.1 link 10.64.0.0/10
route 10.0.0.1 add net 10.128.0.0/10 10.128.0.1 latency 68ms loss 0.2
route 10.128.0.1 link 10.144.0.0/12
route 10.128.0.1 add net 10.160.0.0/12 10.160.0.1 latency 17ms loss 0.2
route 10.160.0.1 link 10.164.0.0/14
route 10.160.0.1 add net 10.168.0.0/14 10.168.0.1 latency 9ms loss 0.1
route 10.168.0.1 link 10.169.0.0/16
route 10.168.0.1 add net 10.170.0.0/16 10.170.0.1 latency 99ms loss 0.1
route 10.170.0.1 link 10.170.64.0/18
route 10.170.0.1 add net 10.170.128.0/18 10.170.128.1 latency 92ms loss 0.2
route 10.170.128.1 link 10.170.144.0/20
route 10.170.128.1 add net 10.170.160.0/20 10.170.160.1 latency 98ms loss 0.2
route 10.170.160.1 link 10.170.164.0/22
route 10.170.160.1 add net 10.170.168.0/22 10.170.168.1 latency 43ms loss 0.2
route 10.170.168.1 link 10.170.169.0/24
route 10.170.168.1 add net 10.170.170.0/24 10.170.170.1 latency 2ms loss 0.1
route 10.170.170.1 link 10.170.170.64/26
route 10.170.170.1 add net 10.170.170.128/26 10.170.170.129 latency 47ms loss 0.2
route 10.170.170.129 link 10.170.170.144/28
route 10.170.170.129 add net 10.170.170.160/28 10.170.170.161 latency 34ms loss 0.1
route 10.0.0.1 link 10.0.0.1/32
route 10.128.0.1 link 10.128.0.1/32
route 10.160.0.1 link 10.160.0.1/32
route 10.168.0.1 link 10.168.0.1/32
route 10.170.0.1 link 10.170.0.1/32
route 10.170.128.1 link 10.170.128.1/32
route 10.170.160.1 link 10.170.160.1/32
route 10.170.168.1 link 10.170.168.1/32
route 10.170.170.1 link 10.170.170.1/32
route 10.170.170.129 link 10.170.170.129/32
route 10.170.170.161 link 10.170.170.161/32

Now this is my honeyd config; here you see multiple networks with
multiple routers. Now, before I start honeyd, I just do this:

# route add -net 10.0.0.0 netmask 255.0.0.0 lo

And then I start honeyd. Now I can actually ping 10.170.170.161 and also
do a traceroute to 10.170.170.161 and see that my packet travels through all
the routers on the way.

NOTE: I ping / traceroute from my Backtrack 3 host, which has three
interfaces:
tap0
lo
eth0

I would like the router 10.170.170.129 to end up communicating with the
netkit VM that is 192.168.3.1.

You can't log in to honeyd routers, as they are just simulated routers
with very basic functionality.

I can ping 192.168.3.1 from Backtrack 3 because my netkit is configured
that way, but what I would like to do is
ping 192.168.3.1 from Backtrack 3 so that it travels through honeyd first and
then ends up in the netkit.

This requires honeyd to be able to communicate with the netkit VM.

I hope I have now clarified my situation a bit.

Also let me know what you think about the above honeyd config. I think
this time we don't have routers all on the same subnet, or is it that
we are still on the same subnet? I would like to keep every router on
a different subnet.

Thanks
Deependra Singh Shekhawat
--
RHCE/RHCSS Certificate number: 804006843818597
Type: pub
bits/keyID: 1024D/483B234C
Date: 2007/06/29
Key Server: pgp.mit.edu
User ID: Deependra Singh Shekhawat (Fedora Project)
<jeevanullas at gmail.com> <deepsa at fedoraproject.org>
Key fingerprint: ED45 62EA A4D7 53FB 44C7 774A D55B F3F0 483B 234C
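
Added example, not part of the original message and not honeyd's own code: a simplified Python model of the `route entry` / `link` / `add net` lines quoted above that walks the tree from the entry router toward a destination and reports the hops, the summed latency, and whether any route covers the address. The names `parse` and `trace`, the shortened sample, and the longest-prefix choice among matching `add net` lines are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample: the first hops of the route tree quoted in the message.
SAMPLE = """\
route entry 10.0.0.1
route 10.0.0.1 link 10.64.0.0/10
route 10.0.0.1 add net 10.128.0.0/10 10.128.0.1 latency 68ms loss 0.2
route 10.128.0.1 link 10.144.0.0/12
route 10.128.0.1 add net 10.160.0.0/12 10.160.0.1 latency 17ms loss 0.2
route 10.160.0.1 link 10.164.0.0/14
route 10.160.0.1 link 10.160.0.1/32
"""

ENTRY = re.compile(r"route entry (\S+)")
LINK = re.compile(r"route (\S+) link (\S+)")
ADD = re.compile(r"route (\S+) add net (\S+) (\S+)(?: latency (\d+)ms)?")

def parse(text):
    """Return (entry router, {router: {"link": [nets], "via": [(net, gw, ms)]}})."""
    entry, table = None, {}
    for line in map(str.strip, text.splitlines()):
        if m := ENTRY.match(line):
            entry = m.group(1)
        elif m := ADD.match(line):
            node = table.setdefault(m.group(1), {"link": [], "via": []})
            node["via"].append(
                (ipaddress.ip_network(m.group(2)), m.group(3), int(m.group(4) or 0)))
        elif m := LINK.match(line):
            node = table.setdefault(m.group(1), {"link": [], "via": []})
            node["link"].append(ipaddress.ip_network(m.group(2)))
    return entry, table

def trace(text, dst):
    """Walk the tree from the entry router: (hops, latency_ms, delivered)."""
    entry, table = parse(text)
    addr, hops, ms, router = ipaddress.ip_address(dst), [], 0, entry
    while router and router not in hops:  # stop on routing loops
        hops.append(router)
        node = table.get(router, {"link": [], "via": []})
        if any(addr in net for net in node["link"]):
            return hops, ms, True  # destination is on a directly linked net
        via = [v for v in node["via"] if addr in v[0]]
        if not via:
            return hops, ms, False  # no route covers the destination
        # Assumption of this model: the most specific matching net wins.
        _, router, latency = max(via, key=lambda v: v[0].prefixlen)
        ms += latency
    return hops, ms, False
```

In this model `trace(SAMPLE, "192.168.3.1")` stops at the entry router with `delivered` false, because no `link` or `add net` line in the quoted tree covers 192.168.3.0/24.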