Description of Dionaea
Presented as the successor of Nepenthes, Dionaea is a low-interaction honeypot that emulates common services (with basic interaction to fool the malware) to trap malware exploiting vulnerabilities. Malware are then isolated to be analyzed and can even be submitted to online sandboxes (CWSandbox, Norman Sandbox or VirusTotal).
Below is the list of emulated services:
- ftp (port 21/tcp)
- http/https (port 80/tcp and 443/tcp)
- nameserver (port 42/tcp)
- msrpc (port 135/tcp )
- smb (port 445/tcp)
- tftp (port 69/udp)
- ms-sql (port 1433/tcp)
- mysql (port 3306/tcp)
- sip/sip-tls (ports 5060/tcp and 5061/tcp)
The following has been tested in a Ubuntu Server 11.04 32 bits distribution.