Nepenthes, the low-interaction honeypot, has been deployed in the wild for several years. It is a versatile tool for collecting malware: it acts passively, emulating known vulnerabilities and downloading the malware that tries to exploit them.
Here comes the next generation of the low-interaction honeypot: Dionaea, which is funded by Google Summer of Code 2009. It introduces several nice features that improve on Nepenthes' functionality:
- embedding Python as a scripting language
- using libemu to detect shellcode
- supporting IPv6 and TLS
Full details about Dionaea can be found here.
And one interesting thing that I just found out from the Nepenthesdev mailing list: Hugo González from the Mexican Chapter of the Honeynet created VirtualBox Debian images which make it easier to install Dionaea.
The image can be downloaded and imported into VirtualBox.