Introduction

Description of Dionaea

Presented as the successor of Nepenthes, Dionaea is a low-interaction honeypot that emulates common services (with basic interaction to fool the malware) to trap malware exploiting vulnerabilities. Malware are then isolated to be analyzed and can even be submitted to online sandboxes (CWSandbox, Norman Sandbox or VirusTotal).

Below is the list of emulated services:

ftp (port 21/tcp)
http/https (port 80/tcp and 443/tcp)
nameserver (port 42/tcp)
msrpc (port 135/tcp )
smb (port 445/tcp)
tftp (port 69/udp)
ms-sql (port 1433/tcp)
mysql (port 3306/tcp)
sip/sip-tls (ports 5060/tcp and 5061/tcp)

Environment

The following has been tested in a Ubuntu Server 11.04 32 bits distribution.

Table of content

Dionaea

Contents

Introduction

Description of Dionaea

Environment

Table of content

Share your opinion

Navigation menu

Dionaea

Introduction

Description of Dionaea

Environment

Table of content

Share your opinion

Navigation menu

Search