Starting with Dionaea
As my previous post states, my Nepenthes system has been retired. In it’s place I’m building up a Dionaea system. The new features proposed by Dionaea should go a long way to improving on a couple of Nepenthes’ shortcomings, a good comparison of the two systems can be found on the Nepenthes blog (post October 27th). But what really caught my attention was the recent post on November 6th detailing the improved logging capabilites that are going to be built into Dionaea. I intend to cover these features at a later date once I’ve had more time to get used to the new system.
I must admit that I was shocked with the ease of installation and compilation. The instructions on Dionaea’s home page look a bit long winded to me, especially as I’m used to the ease of ‘apt-get’ and past experience with manual compilation of source code always leaves me expecting a headache. This was doubled when I discovered my available hardware is starting to show signs of it’s age, and was unable to successfully complete a fresh install of the latest Ubuntu, resulting in some of my components not quite meeting the written requirements. Some how though I manage to muddle through the compilation instructions without issue, and now have a working Dionaea install.
Getting the system started was also a breeze, one-line command as prescribed in the documentation and the system is live. Unsurprisingly it didn’t take long get my first hits, retrieving my first binary within 40 minutes of first starting the system. As I restarted several times whilst playing with config settings it could be that I missed a compromise that would have shortened this time frame in the real world.
So far I have only made a couple of changes the config, replacing the dev’s email with my own to recieve sandbox reports for collected binary samples (thanks for pointing that out in the mailing lists, probably would have missed it) and enabling the ihandler for p0f to try and take advantage of the system’s included fingerprinting capabilities.
As I’ve always liked statistics from honeypot systems, here is what I’ve got so far:
- Running approximately 4 hours
- Logged 20 unique attacks
- Retrieved 4 unique malware binaries (and received the third party sandbox reports)
- Generated 10,000+ log entries
Finally, thanks to the dev team for continuing to build and improve systems that I love to use. Couldn’t do halve of what I do without quality systems to work with.