Security :: Real System In Between Honeypot Monitoring Range / "Connection Timed Out"?
Dec 6, 2010
I am just out of curiosity working with a honeypot and found there are two ways for arpd to route the unused IPs to the honeypot: blackhole and ARP spoofing. Now to test, I am ARP spoofing 5 machines from 192.168.100.41 to .45, and the honeypot is monitoring this range too. But I have set up a real machine with a webserver in between this range and gave it the IP address 192.168.100.45. Now logically, as arpd and the honeypot are both monitoring this range, they capture this request as below in the log:
PHP Code:
arpd[1690]: arpd_lookup: no entry for 192.168.100.45
arpd[1690]: arpd_send: who-has 192.168.100.45 tell 192.168.100.10
arpd[1690]: arpd_send: who-has 192.168.100.45 tell 192.168.100.10
arpd[1690]: arp reply 192.168.100.45 is-at 08:00:27:00:76:e5
arpd[1690]: arp reply 192.168.100.45 is-at 08:00:27:00:76:e5
code....
Now arpd is redirecting the traffic to the honeypot machine, as there is a real system with a real MAC address. But from 192.168.200.10 I can also view the webpage of the 192.168.100.45 machine. But most of the time it says "Connection Timed Out".
Should it be acting like this or it shouldn't be showing me the webpage at all?
View 1 Replies
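A defender-side check for the situation described in the post, added here and not part of the original thread: it parses arpd's syslog lines and flags any address in the spoofed range that is answered by a MAC other than the one arpd itself uses, which is exactly what happens when a live host sits inside the honeypot range. It assumes 08:00:27:00:76:e5 is the honeypot's own MAC (the post does not say whose it is), and the reply line with 08:00:27:aa:bb:cc and the .43 lines are constructed for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# arpd syslog lines: the .45 lookup, probe and first reply are copied from the
# post; the second .45 reply (constructed MAC) and the .43 lines are made up.
ARPD_LOG = """\
arpd[1690]: arpd_lookup: no entry for 192.168.100.45
arpd[1690]: arpd_send: who-has 192.168.100.45 tell 192.168.100.10
arpd[1690]: arp reply 192.168.100.45 is-at 08:00:27:00:76:e5
arpd[1690]: arp reply 192.168.100.45 is-at 08:00:27:aa:bb:cc
arpd[1690]: arpd_lookup: no entry for 192.168.100.43
arpd[1690]: arpd_send: who-has 192.168.100.43 tell 192.168.100.10
arpd[1690]: arp reply 192.168.100.43 is-at 08:00:27:00:76:e5
"""

REPLY_RE = re.compile(r"arp reply (\S+) is-at ([0-9a-f:]{17})", re.I)


def parse_replies(log):
    """Return {ip: [mac, ...]} for every 'arp reply' line, in order seen."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = REPLY_RE.search(line)
        if m:
            ip, mac = m.group(1), m.group(2).lower()
            if mac not in seen[ip]:
                seen[ip].append(mac)
    return dict(seen)


def find_conflicts(log, honeypot_mac, first, last):
    """Addresses inside [first, last] that some MAC other than the honeypot's
    answered for. Each one is a live host the spoofed range overlaps."""
    lo, hi = ip_address(first), ip_address(last)
    conflicts = {}
    for ip, macs in parse_replies(log).items():
        if not lo <= ip_address(ip) <= hi:
            continue
        foreign = [m for m in macs if m != honeypot_mac.lower()]
        if foreign:
            conflicts[ip] = foreign
    return conflicts


if __name__ == "__main__":
    # assumed honeypot MAC and the range from the post
    print(find_conflicts(ARPD_LOG, "08:00:27:00:76:e5",
                         "192.168.100.41", "192.168.100.45"))
```

Running this over the real arpd log before starting the spoofed range tells you whether any address in it is already owned by a real host, so you can shrink the range instead of racing that host's ARP replies.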
Nov 23, 2010
I have implemented two machines, one for the honeypot (192.168.100.10) and another (192.168.100.20) to remotely log the honeypot log file using syslog. Inside the honeypot I emulated another 3 machines with services on virtual IPs of that same block. Now the honeypot is working and I can see the logs generating as I did a portscan (nmap) on those virtual IPs from the .20 machine. All of the machines are running Ubuntu.
But does anyone know any s/w or tools which attackers actually use, so that I can get a clear picture of what happens from the logs? I am having problems creating these attack scenarios.
View 2 Replies
View Related
Mar 24, 2011
I'm trying to find a file access honeypot for our Fedora server. That is, if a local file is accessed, it should notify someone. Plain and simple.
View 8 Replies
View Related
Jun 1, 2010
I am from India, and I tried to update my Ubuntu system today. Code: $sudo apt-get update The update failed because the connection to the India mirror timed out: Code: [URL] Could not connect to in.archive.ubuntu.com:80 (111.91.91.37). - connect (110: Connection timed out) I tried the update a few times, with the same result every time.
I had Firestarter running at this time, and noticed that I would get new security events every time I tried an update. I checked the events list, and it turned out that the machine at the IP address 111.91.91.37 (the in.archive.ubuntu.com machine, to go by the above error message) had been trying to make connections to seemingly random ports on the machine every time I tried the update: see the attached screenshot. I then changed my repositories to the Main Server using Synaptic, and tried the update again (from the command line). This time it worked without a hitch, and Firestarter did not report any unwanted incoming connection. Why is the India mirror trying to open connections that the Main Server apparently does not need in order for me to do the update? Should I (we) be concerned?
View 3 Replies
View Related
Jul 13, 2010
When I run:
ssh -v "login"@"server"
I get:
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server ["address"] port 22.
debug1: connect to address "address" port 22: Connection timed out
ssh: connect to host "server" port 22: Connection timed out
I suppose this is because I am connecting from a public institute where there is a firewall that is blocking outbound connections on port 22. Is there any way I can bypass the firewall using the internet?
View 2 Replies
View Related
May 19, 2010
I have snipped part of the log I captured on my honeypot and need a recommendation on what is going on. The infected computer is located at address ${ADDRESS}. A quick check of my low interaction honeypot (based on nepenthes) gives the following data. I know it's a worm, but what is going on? Thanks in advance.
linux-sqos:/opt/nepenthes/var/log # cat nepenthes.log
<snip>
[18032007 02:26:03 info module] 76 4
[18032007 02:26:03 info module] SMB Session Request 76
H CKFDENECFDEFFCFGEFFCCACACACACACA
code....
View 2 Replies
View Related
Feb 7, 2010
Is there any web tool that provides real-time Squid user utilization and website access?
View 2 Replies
View Related
May 6, 2010
Unable to mount NFS server on the client.
Getting the following error.
mount: RPC: Remote system error - Connection timed out
View 3 Replies
View Related
Mar 23, 2011
Linux printing appeared to be working fine up until yesterday. Today typing lpq gives the following:
lpq Printer 'sdst@other.domain' - cannot open connection - Connection timed out Make sure LPD server is running on the server
The /etc/cups/printers.conf file is properly set, the printers appear in localhost:631 and they are printing test pages. However, all command-line print commands seem to be trying to print to sdst@other.domain. I don't know why printers.conf is being ignored, and why and how sdst@other.domain was added. Seems like it might have been auto-discovered?
# edit: sdst@other.domain was mentioned in /usr/local/etc/lpd.conf. I'm not sure why lpd.conf is being used instead of /etc/cups/printers.conf.
View 1 Replies
View Related
Apr 24, 2011
PPPoE connection timed out. I have downloaded the rp-pppoe utility and installed it for the PPPoE connection. I followed the instructions given with the utility. I ran pppoe-setup and gave all the parameters required, like service name, username, password, firewall as none, DNS as server and all the options. Finally I got the message "congratulations, you have successfully set up the PPPoE connection; you can use pppoe-start and pppoe-status".
View 11 Replies
View Related
Mar 21, 2011
I have two PCs, A and B, both connected via LAN. PC A's configuration is:
IP Address 10.102.6.232
Broadcast Address 10.102.6.255
Subnet Mask 255.255.255.0
Default Route 10.102.6.2
Primary DNS 144.16.192.55
[Code]...
I am trying to connect to B from A using the command ssh -X devendra@144.16.205.236, and get an error like "ssh port 22 connection timed out".
View 13 Replies
View Related
Nov 4, 2010
I have SSH running on ports 8662 and 22. I use 8662 for the outside world (eth0, which is the 192.168 network). Here are the only lines I have changed in sshd_config:
Port 22
Port 8662
#Protocol 2,1
[code]....
BTW, the ports are forwarded on my firewall; I checked and triple-checked it.
View 5 Replies
View Related
Mar 8, 2010
I am building a system that includes 1 firewall server using iptables, 1 webserver and 1 FTP server. On the FTP server (IP 192.168.1.2, GW 192.168.1.1) I installed ProFTPD successfully. In the LAN everything works.
The firewall server has <IP PUBLIC> on eth0 and the LAN IP 192.168.1.1 on eth1.
Iptables rules:
Code: # Generated by iptables-save v1.3.5 on Sun Mar 7 21:01:16 2010
*nat
:PREROUTING ACCEPT [950:126970]
:POSTROUTING ACCEPT [89:5880]
:OUTPUT ACCEPT [19:1342]
-A PREROUTING -d <IP PUBLIC> -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.2:21
-A POSTROUTING -s 192.168.1.2 -o eth0 -j SNAT --to-source <IP PUBLIC>
COMMIT
# Completed on Sun Mar 7 21:01:16 2010
# Generated by iptables-save v1.3.5 on Sun Mar 7 21:01:16 2010
*filter
:INPUT DROP [1599:157409]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [232:34452]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
# Completed on Sun Mar 7 21:01:16 2010
From the FTP server I can access the internet fine.
I checked port 21 on IP PUBLIC, and it returns Open.
But when I use the ftp command it shows: Code: Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
Aborting any active data connections...
ftp> bye
C:Documents and SettingsLONGVNIT>ftp <IP PUBLIC>
Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp>
View 5 Replies
View Related
Jul 4, 2011
When I try to connect via PuTTY from a Windows machine I get "PuTTY Fatal error: connection timed out". I try to do so via a router redirecting IPadr:86 to local adr:22 on the Linux machine.
It seems not to be a routing issue, since the router is set up to redirect apparently correctly.
Well, I have stopped iptables and SELinux is disabled. The sshd daemon is running. I can log on with ssh locally: "ssh webcamATlocal adr".
View 3 Replies
View Related
Feb 4, 2011
I am not so experienced with networking in Linux. I've successfully installed Red Hat Linux Enterprise 5.2 on a VMware host. When I issued nslookup command, it returns "connection timed out" error as follows:
Code:
[root@rac1 ~]# time nslookup rac1
;; connection timed out; no servers could be reached
real 0m15.038s
user 0m0.000s
sys 0m0.000s
My questions are:
(1) Is that error normal?
(2) Is there a way to decrease the 15.038s value? rac1 is the local hostname, so why does it take all that time to resolve it?
Following info may help:
Code:
[root@rac1 ~]# hostname
rac1.mydomain.com
[root@rac1 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
#eth0 - PUBLIC
192.0.2.100 rac1.mydomain.com rac1
[root@rac1 ~]# ping -c 4 rac1
PING rac1.mydomain.com (192.0.2.100) 56(84) bytes of data.
64 bytes from rac1.mydomain.com (192.0.2.100): icmp_seq=1 ttl=64 time=0.015 ms
64 bytes from rac1.mydomain.com (192.0.2.100): icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from rac1.mydomain.com (192.0.2.100): icmp_seq=3 ttl=64 time=0.029 ms
64 bytes from rac1.mydomain.com (192.0.2.100): icmp_seq=4 ttl=64 time=0.029 ms
--- rac1.mydomain.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.015/0.025/0.029/0.007 ms
View 9 Replies
View Related
Apr 29, 2011
I can't fetchmail from my company server to my local PC. It gives the error:
fetchmail: WARNING: Running as root is discouraged.
fetchmail: starting fetchmail 6.3.6 daemon
fetchmail: connection to 202.137.236.11:pop3 [202.137.236.11/110] failed: Connection timed out.
fetchmail: POP3 connection to 202.137.236.11 failed: Connection timed out
fetchmail: Query status=2 (SOCKET)
fetchmail: connection to gmail.com:pop3 [74.125.236.56/110] failed: Connection timed out.
I am trying to connect but it can't.
View 14 Replies
View Related
Apr 18, 2011
I am facing a mount problem with the error "connection timed out" between a Linux and a Solaris machine.
When I run the mount command:
root@rose> mount 10.142.201.104:/view/itb_configuration_712/vobs/ims_it /view/itb_configuration_712/vobs/ims_it/
[code]...
View 3 Replies
View Related
Jul 13, 2010
I am relatively new to Ubuntu. I am currently running Lucid Lynx, but I cannot connect to the internet. I can ping 127.0.0.1 and google.com. Software update works as well, but the connection times out when I try connecting to a web site, e.g. bbc.co.uk.
View 4 Replies
View Related
Jul 14, 2011
In our development box we have configured PostgreSQL to work with JBoss. The thing is, we have the iptables firewall in our Linux box. When iptables is stopped we can connect to the Postgres DB locally using the -h option, and we can also connect through a web link we have created using JBoss. But when iptables is started we can't connect to the DB locally using the -h option, and the web app gives the error below. Caused by:
org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
at org.postgresql.core.v3.ConnectionFactoryImpl.openC
[code]....
View 1 Replies
View Related
Jan 5, 2010
I am having a lot of trouble setting up Evolution to work with Gmail. I am using POP for receiving mail and it's slow but still works. When I try to send mail with smtp.gmail.com I get the error message that the connection timed out. How can I set this up to send and receive email?
View 6 Replies
View Related
Mar 28, 2011
I have 2 different networks: the first one is a gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff, and when I try to ping [url]..... on the gateway machine it works, while it doesn't work on the private network. Note: I am using VMware 7, CentOS 5.
I could say that the problem is in DNS, because when I use this command on the private network machine: [url]...., it says "connection timed out; no servers could be reached", while on the public one it works properly.
View 1 Replies
View Related
Dec 12, 2010
I've been trying since yesterday to install autoten per the instructions below [URL]. However, it has failed each time I have tried. Below is the terminal response.
Code:
[colyn@Fedora ~]$ su
Password:
[root@Fedora colyn]# rpm -Uvh [URL]
Retrieving [URL]
curl: (6) Could not resolve host: dnmouse.org; Connection timed out
error: skipping [URL] - transfer failed
[root@Fedora colyn]#
I am doing a copy/paste so I am not mis-typing the information. It says that the connection has timed out but I get the error message within 5 seconds of hitting enter.
View 8 Replies
View Related
Apr 21, 2010
I get the errors below when trying to connect to the repos below. It has almost always worked in the past. Is the site "packages.medibuntu.org" down again?
Err http://packages.medibuntu.org karmic Release.gpg
Could not connect to packages.medibuntu.org:80 (88.191.82.11), connection timed out
Err http://packages.medibuntu.org karmic/free Translation-en_CA
[code]....
View 8 Replies
View Related
Jul 4, 2010
I have been playing with this for awhile now and I am ready to go postal.
I just want to move some files around and potentially rsync my netbook with my desktop, as well as learn the software (my primary reason).
Steps Taken.
Set Static IP address to machines on LAN
Turned on Port Forwarding (22)
Added Rule to UFW allow 22/TCP
View 9 Replies
View Related
Sep 26, 2010
I know that wget will give up after 20 failed connection attempts, but is there any way I can escape without waiting?
View 1 Replies
View Related
Jun 23, 2010
I have a problem sending emails in the command line. I have introduced this command:
sendEmail -f my.account@gmail.com -t myself@domain.tld
-u "this is the test title" -m "this is a test message"
-s smtp.gmail.com
-o tls=yes
-xu usernameonly -xp mypasswd
But then I received this message:
sendEmail[13230]: ERROR => Connection attempt to smtp.gmail.com:25 failed: IO::Socket::INET: connect: Connection timed out
View 1 Replies
View Related
Feb 13, 2011
I am not able to connect to the remote server through SecureCRT. My local team has said that the server is working fine, but I am not able to connect to it remotely. What more can I do to connect to the server?
View 10 Replies
View Related
Feb 17, 2011
I have a standalone SUSE 10 SP3 that, when I run
Code: # hostname
gives webserver, but when I run the host command
Code: # host webserver
;; connection timed out; no servers could be reached
I would like to get the IP when I issue
[Code]....
View 3 Replies
View Related
Feb 4, 2011
I've been pounding my head on this issue. I've set up a new Postfix server on RHEL5. After editing the needed entries, I can't seem to send any outbound mails to Yahoo or any other domains. My postconf -n is as follows:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
[code]...
View 2 Replies
View Related
Dec 13, 2010
I did a clean install of the latest version of Ubuntu. For some reason, there are still internet issues. When I tried out the following command
Code:
telnet
open ftp.microsoft.com 21
I got
Code:
telnet: Unable to connect to remote host: Connection timed out
Also, during the install of the new Ubuntu, it was unable to reach the repos for downloading. The odd thing is that I can go online, and that when I type 'ftp.microsoft.com' in my browser, it displays the file hierarchy.
View 1 Replies
View Related