
Re: FakeNetBIOS tools released

Subject: Re: FakeNetBIOS tools released
Date: Wed, 19 Oct 2005 09:10:38 +0200
Patrick Chambet wrote:
The individual tools are:

  - FakeNetbiosDGM (NetBIOS Datagram)
  - FakeNetbiosNS (NetBIOS Name Service)

Each tool can be used as a standalone tool or as a honeyd responder or
subsystem.

Hello all,

Please note that in order to use those tools with honeyd, you may need to apply some patches to the honeyd src and use a custom version, or honeyd won't be able to deliver broadcast packets (needed by NB-dgm).

These patches are diffed from honeyd 1.0 (last stable release) and can be found here:
https://bugs.honeynet.org/show_bug.cgi?id=130
https://bugs.honeynet.org/show_bug.cgi?id=131


You can probably apply them on the latest release candidate without too much harm.

Please note that those patches are totally unsupported by the honeyd author.

Caveat: as you may have seen in the second patch, the behavior is correct only with a /24 network. This probably works with a < /24 network, but you may want to change the following line, according to your config:
if((ntohl(dst_pa->addr_ip)&0xff)==0xff) { /*XXX*/


By the way, using only one honeyd box and being able to see a bunch of hosts with != ether addr, != ip addr populating the Windows "Network Places" using a custom domain really kicks a**.

Way to go, Patrick!

regards,

--
Francis
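
The caveat in the message above is about the hard-coded low-byte test in the quoted line. As an added example (not part of the original message or of the honeyd patches), the same test next to a prefix-aware form that checks all host bits; the function names, the `prefix_len` parameter and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address, i.e. the value ntohl(dst_pa->addr_ip)
 * yields in the quoted line. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* The test from the quoted line: low byte of the address is 0xff. */
static int is_bcast_low_byte(uint32_t ip_host_order)
{
    return (ip_host_order & 0xff) == 0xff;
}

/* Hypothetical prefix-aware variant: the address is the directed broadcast
 * of its subnet when every host bit is set. /31 and /32 subnets have no
 * broadcast address, and prefixes above 32 are invalid. */
static int is_bcast_prefix(uint32_t ip_host_order, unsigned prefix_len)
{
    uint32_t host_mask;

    if (prefix_len > 30)
        return 0;
    /* Shifting a 32-bit value by 32 is undefined, so handle /0 separately. */
    host_mask = prefix_len ? (0xffffffffu >> prefix_len) : 0xffffffffu;
    return (ip_host_order & host_mask) == host_mask;
}

int main(void)
{
    /* Constructed sample destinations and the prefix configured for each. */
    static const struct { uint32_t ip; unsigned prefix; const char *label; } samples[] = {
        { IP4(192, 168, 1, 255), 24, "192.168.1.255/24" },
        { IP4(192, 168, 1, 127), 25, "192.168.1.127/25" },
        { IP4(10, 0, 0, 255),    23, "10.0.0.255/23"    },
        { IP4(10, 0, 1, 255),    23, "10.0.1.255/23"    },
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s low-byte=%d prefix-aware=%d\n", samples[i].label,
               is_bcast_low_byte(samples[i].ip),
               is_bcast_prefix(samples[i].ip, samples[i].prefix));
    return 0;
}
```

The two tests agree on the /24 sample and differ on the /25 and /23 samples whose low byte does not line up with the subnet's host bits.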
