The network configuration of your Linux host (or the instructions to create it within your cloud provider) will typically have just one IP address enabled per network interface controller (NIC), and you’ll likely only have one NIC. To use a honeypot, additional IP addresses need to be available on the host device. This article guides you through the basics of how to do this for a self-hosted Linux VM, or for one you have commissioned on a cloud platform (AWS, Azure or GCP).
These instructions represent a typical approach to the requirement. They’re not the only way of doing it, and you should always perform your own research before making changes to infrastructure within your organisation’s environment.
Self-hosted Ubuntu host
This could be a VM you are running in a virtualisation solution (such as Multipass or VirtualBox). The solution here is simply to bind a new IP address to your NIC by executing a few commands on the command line.
First, find out which network interface you are using:
ip a
This command lists the IP configuration for all NICs. You’ll get something like this:
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 02:81:29:99:df:5d brd ff:ff:ff:ff:ff:ff
3: wlan0: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 12:81:29:99:df:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.241/24 brd 192.168.0.255 scope global noprefixroute wlan0
valid_lft forever preferred_lft forever
inet6 fe80::b6f:8961:8b73:428e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
If you look in section 3 (wlan0), you’ll see an IP address is already assigned and the state is UP. This tells us that “wlan0” is the active NIC, using an IP address of 192.168.0.241.
To bind a new IP address to this NIC, you first need to identify an empty IP address in the same subnet. Within your company network, we strongly recommend asking your infrastructure or networking team to provide such an address, but for a home network you could simply “ping” the next address in the range and see if anything responds (if not, you can use it).
To add the secondary IP address permanently to your wlan0 network interface, create a new netplan config file. The example below assumes that 192.168.0.242 is the next available address, the default gateway is 192.168.0.1, the subnet mask is 255.255.255.0 (/24) and that you want to bind it to your wlan0 network interface.
Create a new custom netplan config file:
sudo vi /etc/netplan/99-custom-iface.yaml
Then add the following to this file:
network:
  version: 2
  renderer: networkd
  ethernets:
    ens5:                  # interface name in this sample; use your own interface name
      addresses:
        - 10.0.1.154/32    # address in this sample; use your own free address and prefix length
Then apply the changes using netplan:
sudo netplan apply
And finally confirm the new IP address is added:
ip a
This should show results like those below, where you can see the .242 address has been added to wlan0:
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 02:81:29:99:df:5d brd ff:ff:ff:ff:ff:ff
3: wlan0: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 12:81:29:99:df:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.241/24 brd 192.168.0.255 scope global noprefixroute wlan0
valid_lft forever preferred_lft forever
inet 192.168.0.242/24 brd 192.168.0.255 scope global noprefixroute wlan0
valid_lft forever preferred_lft forever
inet6 fe80::b6f:8961:8b73:428e/64 scope link noprefixroute
valid_lft forever preferred_lft forever
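The checks around the steps above, as an added example that is not part of the original article; the function names and the sample ip output are constructed here. It goes slightly beyond the text by confirming that the candidate address sits in the same subnet as the primary address before you bind it, then that it is bound afterwards. It does not test whether the address is already in use.

```sh
#!/bin/sh
# Added example: sanity checks around binding a secondary (honeypot) address.
# Function names and the sample data are constructed for illustration.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split the four octets into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_same_subnet PRIMARY/PREFIX CANDIDATE
# Succeeds only if CANDIDATE is a usable host address in PRIMARY's subnet:
# same network, and not the network address, broadcast address or PRIMARY.
in_same_subnet() {
  prefix=${1#*/}
  mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
  p=$(ip_to_int "${1%/*}")
  c=$(ip_to_int "$2")
  net=$(( $p & $mask ))
  bcast=$(( $net | ($mask ^ 4294967295) ))
  [ $(( $c & $mask )) -eq "$net" ] && [ "$c" -ne "$net" ] &&
    [ "$c" -ne "$bcast" ] && [ "$c" -ne "$p" ]
}

# addr_bound IFACE ADDRESS
# Reads `ip -o -4 addr show` output on stdin and succeeds if ADDRESS is
# bound to IFACE. Live use: ip -o -4 addr show | addr_bound wlan0 192.168.0.242
addr_bound() {
  awk -v ifc="$1" -v ip="$2" '
    $2 == ifc && $3 == "inet" { split($4, a, "/"); if (a[1] == ip) found = 1 }
    END { exit !found }'
}

# Constructed sample of `ip -o -4 addr show` output after the change above.
SAMPLE_AFTER='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: wlan0    inet 192.168.0.241/24 brd 192.168.0.255 scope global noprefixroute wlan0\       valid_lft forever preferred_lft forever
3: wlan0    inet 192.168.0.242/24 brd 192.168.0.255 scope global noprefixroute wlan0\       valid_lft forever preferred_lft forever'
```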
Self-hosted Red Hat Enterprise Linux host
These are the instructions for adding a secondary IP address on Red Hat Enterprise Linux (needs sudo privileges). They assume the target network interface is wlan0, the desired IP to be used by the honeypot is 192.168.0.242, and the subnet mask is 255.255.255.0 (/24):
Create a new ifcfg file:
touch /etc/sysconfig/network-scripts/ifcfg-wlan0:0
Edit the file above:
vi /etc/sysconfig/network-scripts/ifcfg-wlan0:0
Add the following lines to it:
DEVICE=wlan0:0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.242
NETMASK=255.255.255.0
Restart the network services:
systemctl restart NetworkManager.service
And finally confirm the new IP address is added:
ifconfig
Amazon (AWS)
Follow instructions here – https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html#assignIP-existing
Azure
Follow instructions here – https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/virtual-network-multiple-ip-addresses-portal
Google (GCP)
Follow instructions here – https://cloud.google.com/vpc/docs/create-use-multiple-interfaces