Configuring honeyd to mimic Windows XP SP1
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action block
set winxp default udp action block
set winxp default icmp action reset
set winxp uptime 1234567
add winxp tcp port 135 open
add winxp tcp port 139 open
add winxp tcp port 445 open
set winxp ethernet "intel"
dhcp winxp on eth0

To configure static IP on eth0, comment out the dhcp command and enable the bind command as follows:

# bind ipaddress winxp

Remember manufacturer’s ID number. The command:
set winxp ethernet "intel"
Semiconductor to the honeypot. The other commands are self under daemon mode, use the following command:
sudo honeyd -d -f winxp.conf
Using the daemon mode will enable you to see all the network requests and corresponding responses on the screen of the honeypot system.
Figures 3 and 4 show the results of scanning the Windows honeypot with nmap.
The important points to consider in the screenshots in
- The process is being demoted from root level
- IP address is received from the DHCP server
- The establishment of ARP binding to Intel’s MAC address
- Various ARP responses

synchronisation. There is at least one system using Dropbox in this network. The honeypot responds to it by closing the connection, since UDP port requests are blocked.
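A way to check the template before starting honeyd, and to know in advance which TCP ports an nmap scan of the honeypot should report as open. This is an added example, not code from the original article or from honeyd itself. The function names `parse_honeyd` and `audit` and the leading `create winxp` line in the sample are assumptions, and only the directives shown on this page are handled.

```python
import shlex

# Constructed sample: the template from this page, with a leading "create" line assumed.
SAMPLE = '''
create winxp
set winxp personality "Microsoft Windows XP Professional SP1"
set winxp default tcp action block
set winxp default udp action block
set winxp default icmp action reset
set winxp uptime 1234567
add winxp tcp port 135 open
add winxp tcp port 139 open
add winxp tcp port 445 open
set winxp ethernet "intel"
dhcp winxp on eth0
# bind ipaddress winxp
'''

def parse_honeyd(text):
    """Parse the subset of honeyd directives used on this page into per-template dicts."""
    templates = {}
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # drops '#' comments, keeps quoted strings whole
        if not tok:
            continue
        name = tok[2] if tok[0] == "bind" else tok[1]  # bind ADDRESS NAME, otherwise VERB NAME ...
        t = templates.setdefault(name, {"defaults": {}, "ports": {}, "addressing": [], "props": {}})
        if tok[0] == "set" and tok[2] == "default":
            t["defaults"][tok[3]] = tok[5]              # set NAME default PROTO action ACTION
        elif tok[0] == "set":
            t["props"][tok[2]] = tok[3]                 # personality, uptime, ethernet
        elif tok[0] == "add":
            t["ports"][(tok[2], int(tok[4]))] = tok[5]  # add NAME PROTO port N ACTION
        elif tok[0] in ("dhcp", "bind"):
            t["addressing"].append(tok[0])
    return templates

def audit(t):
    """Return (sorted open TCP ports, list of findings) for one template."""
    findings = []
    for proto in ("tcp", "udp"):
        if t["defaults"].get(proto) != "block":
            findings.append(f"default {proto} action is not 'block'")
    if len(t["addressing"]) != 1:
        findings.append("exactly one of dhcp/bind should be active, found: %s" % t["addressing"])
    open_tcp = sorted(p for (proto, p), act in t["ports"].items() if proto == "tcp" and act == "open")
    return open_tcp, findings
```

Comparing the returned port list with the nmap output is a quick way to confirm the honeypot exposes only what the template intends.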