Dionaea, a state of the art honeypot

In this post we talk about Dionaea, a next-generation honeypot. According to its authors, Dionaea was born as a successor to Nepenthes and ships with many improvements, such as a new engine for trapping shellcode and good support for TLS and IPv6. Installing Dionaea is fairly simple: it requires some libraries (libev, libglib, libemu, etc.) and Python, at least version 3.1.1.

After installation, Dionaea offers attackers some common vulnerable services:

[Figure 1.1: Nmap scan of a Dionaea honeypot]

Dionaea can run as a daemon and catches almost all common exploits and malware in the wild. Usually the most vulnerable service is SMB, listening on port 445. After a successful exploit against the vulnerable, faked version of this service, Dionaea is able to capture and download copies of the malware, which can be used later for forensic analysis.

With an extensive logging engine, Dionaea provides in-depth analysis of malicious activity carried out by attackers, such as scans, malicious connections and MSSQL brute-force attempts.
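The kind of triage this logging makes possible, as an added example that is not code from the original post or from the Dionaea project: it flags hosts that swept many ports and hosts that repeatedly tried MSSQL logins. The SQLite table layout, column names and thresholds are assumptions, and every row is constructed sample data.

```python
import sqlite3

# Assumed, simplified layout (not from the post or from Dionaea itself).
SCHEMA = """
CREATE TABLE connections (connection INTEGER PRIMARY KEY, connection_timestamp REAL,
                          local_port INTEGER, remote_host TEXT);
CREATE TABLE logins (connection INTEGER, login_username TEXT, login_password TEXT);
"""

# Constructed sample rows; addresses come from the RFC 5737 documentation ranges.
CONNECTIONS = [
    (1, 100.0, 1433, "198.51.100.7"), (2, 101.0, 1433, "198.51.100.7"),
    (3, 102.0, 1433, "198.51.100.7"), (4, 103.0, 1433, "198.51.100.7"),
    (5, 200.0, 21, "203.0.113.9"), (6, 200.5, 80, "203.0.113.9"),
    (7, 201.0, 135, "203.0.113.9"), (8, 201.5, 445, "203.0.113.9"),
    (9, 202.0, 1433, "203.0.113.9"), (10, 300.0, 445, "192.0.2.50"),
]
LOGINS = [(1, "sa", ""), (2, "sa", "sa"), (3, "sa", "password"), (4, "sa", "123456")]

def load(conn):
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO connections VALUES (?,?,?,?)", CONNECTIONS)
    conn.executemany("INSERT INTO logins VALUES (?,?,?)", LOGINS)

def port_scanners(conn, min_ports=4, window=60.0):
    """Hosts that hit >= min_ports distinct ports, all within `window` seconds."""
    rows = conn.execute(
        """SELECT remote_host, COUNT(DISTINCT local_port) FROM connections
           GROUP BY remote_host
           HAVING COUNT(DISTINCT local_port) >= ?
              AND MAX(connection_timestamp) - MIN(connection_timestamp) <= ?
           ORDER BY remote_host""", (min_ports, window))
    return rows.fetchall()

def mssql_bruteforcers(conn, min_attempts=3, port=1433):
    """(host, attempts, distinct passwords) for repeated logins on the MSSQL port."""
    rows = conn.execute(
        """SELECT c.remote_host, COUNT(*), COUNT(DISTINCT l.login_password)
           FROM logins l JOIN connections c USING (connection)
           WHERE c.local_port = ?
           GROUP BY c.remote_host HAVING COUNT(*) >= ?
           ORDER BY c.remote_host""", (port, min_attempts))
    return rows.fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(db)
    print("port scanners:", port_scanners(db))
    print("MSSQL brute force:", mssql_bruteforcers(db))
```
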

Although Nepenthes can be considered a great piece of software, we can assert that Dionaea is actually a state of the art honeypot that can be used effectively for detecting and downloading malicious payloads across distributed host-based honeypots.

Research and security division – servermanaged.it
