Dionaea honeypot: from Conficker to WannaCry + SambaCry CVE 2017-7494

30 May 2017 Roberto Tanara dionaea honeypot sambacry wannacry
This is a contribution by Tan Kean Siong; follow him on Twitter @gento_. The open source honeypot Dionaea has long supported SMB but lacked support for the SMB vulnerability used by the recent WannaCry ransomware and for the most recent Samba RCE vulnerability, CVE 2017-7494, dubbed “SambaCry”, both of them wormable attack vectors. With the recent changes, both attack vectors are supported and respective samples have been caught in the wild. Dionaea is a low-interaction, server-side honeypot which emulates a vulnerable system or device.

Improved logging capabilities of dionaea

14 Dec 2015 Stanislav Barta dionaea frontend honeypot
Hello, recently I made a fork of dionaea and DionaeaFR. The changes I made relate to remote logging to a relational database. The Dionaea honeypot can now log remotely to a PostgreSQL database. In the DionaeaFR frontend I had to make some changes so that it could support reading data from PostgreSQL. The links are github.com/GovCERT-CZ/dionaea and github.com/GovCERT-CZ/DionaeaFR. I think that someone could use this, so I am writing this post. Have a nice day, Stanislav Bárta

Dionaea Installation

09 May 2011 Oguz Yarimtepe debian dionaea log-record
This summer, I will be dealing with malware analysis distribution from a visualization perspective on a timeline and geographic basis. To collect data related to malware, I installed Dionaea, which is a successor of Nepenthes. The Dionaea documentation is plain and easy to follow. I chose Debian Squeeze to install the honeypot on. Installing the base system from the netinstall CD and following the documentation was enough until I got an error message during the compilation of Dionaea.