Dionaea

From aldeid
Jump to: navigation, search

Introduction

Description of Dionaea

Presented as the successor of Nepenthes, Dionaea is a low-interaction honeypot that emulates common services (with basic interaction to fool the malwares) to trap malwares exploiting vulnerabilities. Malwares are then isolated to be analyzed and can even be submitted to online sandboxes (CWSandbox, Norman Sandbox or VirusTotal).

Below is the list of emulated services:

  • ftp (port 21/tcp)
  • http/https (port 80/tcp and 443/tcp)
  • nameserver (port 42/tcp)
  • msrpc (port 135/tcp )
  • smb (port 445/tcp)
  • tftp (port 69/udp)
  • ms-sql (port 1433/tcp)
  • mysql (port 3306/tcp)
  • sip/sip-tls (ports 5060/tcp and 5061/tcp)

Environment

The following has been tested in a Ubuntu Server 11.04 32 bits distribution.

Table of content