Configuring VMware and Installing your Honeypots

VMware is virtualization software that allows you to run multiple operating systems at the same time. For the purpose of this paper, we are going to build our Honeywall on a server machine, comprising a P4 2.4 GHz processes and 1 GB RAM. The base operating system is Red Hat 8.0.

Once installed, the next step is to configure the VMware. Configuration is done by executing the command 'vmware-config.pl'.

[root@honeywall vmware]# vmware-config.pl

Making sure VMware Workstation's services are stopped.

Do you want networking for your virtual machines? (yes/no/help) [yes]

Would you prefer to modify your existing networking configuration using the wizard or the editor?

(wizard/editor/help) [editor]

The following virtual networks have been defined:

. vmnet0 (Bridge)

. vmnet1 (Host-only)

. vmnet8 (NAT)

Do you wish to make any changes to the current virtual networks settings? (yes/no) [no] yes

Which virtual network do you wish to configure? (0-99) 8

The network vmnet8 has been reserved for a NAT network.  You may change it, but it is highly

recommended that you use it as a NAT network.  Are you sure you want to modify it? (yes/no) [yes]

What type of virtual network do you wish to set vmnet8?

(bridged,hostonly,nat,none) [none]

The following virtual networks have been defined:

. vmnet0 is bridged to eth0

. vmnet1 is a host-only network on private subnet 192.168.0.0.

Do you wish to make additional changes to the current virtual networks settings?(yes/no) [no]

Do you want this program to automatically configure your system to allow your virtual machines

to access the host's filesystem? (yes/no/help) [no]

Starting VMware services:

   Virtual machine monitor                                 [  OK  ]

   Virtual ethernet                                        [  OK  ]

   Bridged networking on /dev/vmnet0                       [  OK  ]

   Host-only networking on /dev/vmnet1 (background)        [  OK  ]

The configuration of VMware Workstation 4.0.5 build-6030 for Linux for this

running kernel completed successfully.

You can now run VMware Workstation by invoking the following command:

"/usr/bin/vmware".

Enjoy,

--the VMware team

We will be configuring the Honeywall [4] and all the honeypots [6 - 9] on VMware. The goal is to have the entire honeypots [6 - 9] route through the Honeywall [4]. We will be using VMware virtual networking components to create our required network.

Above is a logical VMware configuration diagram. It shows the virtual network orientation and how the honeypots [6 - 9] connects through the Honeywall [4] to an external network.

To set up this configuration, you must create five virtual machines [6 - 9] and use the Virtual Machine Control Panel to adjust the settings for their virtual Ethernet adapters. Four of them will be used for the honeypots [6 - 9] and one will be used for Honeywall [4]. We will also install 4 different guest operating systems [6 - 9] in each virtual machine and make the network settings in each virtual machine to route them through the Honeywall [4].

Set up five virtual machines using the New Virtual Machine Wizard. Create the first virtual machine for Honeywall [4] with bridged networking (VMnet0) [3] so it can connect to an external network using the host computer's Ethernet adapter [1]. Also make sure that the Virtual Disk for Honeywall should be IDE. Create the other four virtual machines [6 - 9] with host-only networking (VMnet1) [5].

Use the Virtual Machine Control Panel to edit the Honeywall Virtual Machine Settings. Add two virtual network adapters and connect them to Bridge Network (VMnet0) and Host-only Networking (VMnet1) respectively. The VMware Honeywall configuration would look something like in Figure - 2.

Now, install the individual honeypots except the Honeywall. Configure the machines with real internet IP addresses. These would be the IPs which an attacker would attack. A typical honeypots configuration would look something like in Figure - 3.