sebek server and Client


Posted by Coldness on March 09, 2005 20:54:42

I am trying to install Sebek client on my honeypot, but it keeps showing an error:

"Installing Sebek:
ERROR: Undefined Destination Port"

What does it all mean?

Below is part of my config file:


#!/bin/sh
#------------------------------------------------------------------------------
#----- SEBEK LINUX CLIENT INSTALL SCRIPT --------------------------------------
#------------------------------------------------------------------------------


#------------------------------------------------------------------------------
#----- USER CONFIGURABLE OPTIONS --------------------------------------------
#----- NOTE: YOU MUST SPECIFY A MAGIC VALUE AND DESTINATION PORT
#------------------------------------------------------------------------------


#----- INTERFACE:
#-----
#----- Identifies the interface from which Sebek will log
#----- This does not need to be an interface that has a
#----- configured IP address.
#-----
INTERFACE="eth0"
#----- DESTINATION_IP:
#-----
#----- sets destination IP for sebek packets
#-----
#----- If the collector is on the LAN, this value can be any address.
#-----
DESTINATION_IP="192.168.1.11"


#----- DESTINATION_MAC:
#-----
#----- sets destination MAC addr for sebek packets
#-----
#----- If the collector is running on the LAN, use the MAC from
#----- the collector's NIC.
#-----
#----- If the collector is multiple hops away, set this to the MAC
#----- of Default Gateway's NIC

DESTINATION_MAC="00:01:02:95:22:47"

#----- SOURCE_PORT:
#-----
#----- defines the source udp port sebek sends to
#-----
#----- If multiple sebek hosts are behind NAT the source port
#----- is one way of distinguishing the two hosts

#-----
#-----
#----- Range: 1 to 65535
#----- Range: 0x0001 to 0xffff
#-----
SOURCE_PORT=1101


#----- DESTINATION_PORT:
#-----
#----- defines the destination udp port sebek sends to
#-----
#----- ALL HONEYPOTS that belong to the same group NEED
#----- to use the SAME value for this.
#-----
#----- Range: 1 to 65535
#----- Range: 0x0001 to 0xffff
#-----
DESTINATION_PORT=3306


#----- MAGIC_VAL
#-----
#-----
#----- defines the magic value in the sebek record, it is
#----- used along with the Destination Port to identify
#----- packets to hide from userspace on this host. It's
#----- an unsigned 32 bit integer.
#-----
#----- ALL HONEYPOTS that belong to the same group NEED
#----- to use the SAME value for this.
#-----
#----- Range 1 to 4.29497 billion
#----- Range 0x00000001 to 0xffffffff
#-----
MAGIC_VAL=32


Posted by j333 on March 18, 2005 06:31:38

I use both src and dst port = 1101.
I have this set up on a few machines and it seems to work fine for me?

Posted by Coldness on March 28, 2005 20:49:08

I have tried configuring the source and destination ports to 1101, but it still displays the same error. Any particular reason?
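
Added example, not part of the original thread and not the Sebek installer's own code: a pre-flight check that reads the option values from a config fragment like the one posted above and flags any that are missing, empty, or outside the ranges given in its comments (0x0001 to 0xffff for the ports, 0x00000001 to 0xffffffff for MAGIC_VAL). The function names and the sample file are hypothetical, only decimal values are parsed, and the check does not reproduce whatever test produces the installer's "Undefined Destination Port" message.

```shell
#!/bin/sh
# Added example: pre-flight check of Sebek client options. Hypothetical helper,
# not the Sebek installer's own validation. Decimal values only.

# get_opt FILE NAME: print the value of the last NAME=... line, with double
# quotes and carriage returns (CRLF line endings) stripped.
get_opt() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"\r'
}

# in_range VALUE MIN MAX: succeed if VALUE is a decimal integer in [MIN, MAX].
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# check_sebek_opts FILE: print one line per problem; exit status = problem count.
check_sebek_opts() {
    problems=0
    for name in INTERFACE DESTINATION_IP DESTINATION_MAC; do
        [ -n "$(get_opt "$1" "$name")" ] ||
            { echo "$name: missing or empty"; problems=$((problems + 1)); }
    done
    for name in SOURCE_PORT DESTINATION_PORT; do
        in_range "$(get_opt "$1" "$name")" 1 65535 ||
            { echo "$name: not in 1..65535 (0x0001..0xffff)"; problems=$((problems + 1)); }
    done
    in_range "$(get_opt "$1" MAGIC_VAL)" 1 4294967295 ||
        { echo "MAGIC_VAL: not in 1..4294967295"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample: DESTINATION_PORT is absent and SOURCE_PORT is too large.
sample=$(mktemp)
cat > "$sample" <<'EOF'
INTERFACE="eth0"
DESTINATION_IP="192.168.1.11"
DESTINATION_MAC="00:01:02:95:22:47"
SOURCE_PORT=70000
MAGIC_VAL=32
EOF
check_sebek_opts "$sample" || echo "problems found: $?"
rm -f "$sample"
```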