I sent this to the honeypots list but I got no takers. I was hoping someone here might be able to help me. My question involves the interaction between iptables and arpd. arpd is used in the honeyd project (http://www.honeyd.org/tools.php). I have a fedora core 3 box and I have the following iptables script: # IptablesScript iptables -F iptables -X # Set Default Policy to drop everything iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP I believe that this should block all traffic going to and from the machine (Ip address of 192.168.0.3) So I ping 192.168.0.3 and get no response back (As I expected) When I add arpd into the mix with honeyd bound to the arpd ip (192.168.0.5) I ping the arpd/honeyd IP of 192.168.0.5 from a different machine and I get no response back (as I expected) BUT my honeyd sees the traffic: honeyd[PID]: Sending ICMP Echo Reply: IPAddyOfHoneyPot -> SourceMachine honeyd[PID]: couldn't send packet: Operation not permitted So I don't understand why the traffic is getting to the arpd/honeyd process if my iptables is dropping everything? I understand why I am getting the "honeyd[PID]: couldn't send packet: Operation not permitted" as the default OUTPUT chain is drop. But why is the traffic getting by my INPUT chain? I realize that arpd and honeyd are not applicable to the list, but I received no replies (I guess I am out of karma) on the honeyd list or from the maintainer of the arpd project. Any help is appreciated. And Thanks.
