s23

Terminal

File Edit View lerminal Tabs Help

root@honeypot honeyd# arpd -d 10.0.0.4-10.0.0.254

arpd[6408): listening on ethO: arp and (dst net 10.0.0.4/30 or dst net 10.0.0.8/29 or dst net 10.0.0.16/28 or dst net 10.0.0.32/27 or dst net 10.0.0.64/26 or dst net 10.0.0.128/26 or dst net 10.0.0.192/27 or dst net 10.0.0.224/28 or dst net 10.0.0.240/29 or dst net 10.0.0.248/30 or dst net 10.0.0.252/31 or dst net 10.0.0.254/32) and not ether src 00:00:39:af:68:f7

□

Terminal

File Edit View lerminal Tabs Help

root@honeypot honeyd# honeyd -d -u 0 -g 0 -f config3 10.0.0.4-10.0.0.254 Honeyd V0.8b Copyright (c) 2002-2004 Niels Provos

honeyd!6409]: started with -d -u 0 -g 0 -f config3 10.0.0.4-10.0.0.254 Warning: Impossible SI rangę in Class fingerprint "IBM 0S/400 V4R2M0"

Warning: Impossible SI rangę in Class fingerprint "Microsoft Windows NT 4.0 SP3"

honeyd!6409]: listening promiscuously on ethO: (arp or ip proto 47 or (ip and (dst net 10.0.0.4/30 or dst net 10.0.0.8/29 or dst net 10.0.0.1

6/28 or dst net 10.0.0.32/27 or dst net 10.0.0.64/26 or dst net 10.0.0.128/26 or dst net 10.0.0.192/27 or dst net 10.0.0.224/28 or dst net 10

.0.0.240/29 or dst net 10.0.0.248/30 or dst net 10.0.0.252/31 or dst net 10.0.0.254/32))) and not ether src 00:00:39:af:68:f7

honeyd!6409]: Demoting process privileges to uid O, gid O

honeyd!6409]: Connection request: tcp (10.0.0.3:32796 - 10.0.0.200:4444)

honeyd!6409]: Connection established: tcp (10.0.0.3:32796 - 10.0.0.200:4444) <-> /bin/sh scripts/MSBlaster_Catcher.sh 10.0.0.3 10.0.0.200

honeyd!6409]: Expiring TCP (10.0.0.3:32796 - 10.0.0.200:4444) (0x832ale0) in state 7

honeyd!6409]: exiting on signal 2

root@honeypot honeyd# Is -1 /worms/MSBlaster/

total 4

drwxr-xr-x 2 root root 4096 Feb 23 18:27 10.0.0.3-10.0.0.200-1109179662 root@honeypot honeyd# Is -1 /worms/MSBlaster/10.O.O.3-10.O.O.200-1109179662/ total 56

-rw-r--r--    1 root root 51200 Feb 23 18:27 msblast.exe

root@honeypot honeyd# [