Good place to run a honeypot?
I'd like to run a honeypot primarily for malware collection. I'd need a server powerful enough to run Xubuntu in a VM (which itself will not be headless). If I could install the Xubuntu ISO on the server directly that would be even better. I'm just getting into the area so I don't plan to spend much money on it.
Comments
Kimsufi?
Out of curiosity, I've always wanted to do some malware analysis and collection. What tools do you use and what do you need to learn?
/offtopic
Vultr allows custom ISOs
Yes, but not sure they allow malware on their nodes...
Malware detection is not malware ;-)
For instance there is a fake SSH daemon: when some brute forcer connects to it, it pretends he can log in and then starts logging the commands he tries to execute.
Please do share your findings/statistics with LET if you succeed.
@honeyme Is it a custom ISO you've created or a distro you've downloaded from somewhere? It's an interesting idea.
Sounds like you'd be better served with a dedicated server -- attracting malware on a VM node won't make your host happy :-)
Honeypot is not attracting anything, rather reading hacker automated scripts attempt to execute commands in a fake, controlled environment where they can't do any damage.
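A sketch of the idea in honeyme's post, as an added example that is not code from the thread, from kippo or from any other project: a fake root shell that records whatever an automated script tries to run and answers from a small table of canned strings, never executing anything. The host name, the canned replies and the peer addresses are made up for illustration.

```python
import socketserver
import threading
import time

# Canned replies (made-up values). Nothing is ever executed: the connecting
# script only ever sees strings chosen here, so it cannot do any damage.
CANNED = {
    "uname -a": "Linux srv01 3.13.0-24-generic #46-Ubuntu SMP x86_64 GNU/Linux",
    "whoami": "root",
    "id": "uid=0(root) gid=0(root) groups=0(root)",
}

class FakeShell:
    """Pretends to be a root shell and records every attempted command."""

    def __init__(self, peer="unknown"):
        self.peer = peer
        self.log = []  # one record per command, kept for later analysis

    def handle(self, line):
        cmd = line.strip()
        self.log.append({"ts": time.time(), "peer": self.peer, "cmd": cmd})
        if cmd == "exit":
            return None  # tells the session loop to hang up
        # Unknown commands get the same error a real bash would print,
        # so the script keeps talking and we keep logging.
        return CANNED.get(cmd, f"bash: {cmd.split()[0]}: command not found" if cmd else "")

class FakeShellHandler(socketserver.StreamRequestHandler):
    """One TCP session: prompt, read lines, answer, and stash the log."""

    def handle(self):
        shell = FakeShell(peer=self.client_address[0])
        self.wfile.write(b"root@srv01:~# ")
        for raw in self.rfile:
            reply = shell.handle(raw.decode("utf-8", "replace"))
            if reply is None:
                break
            self.wfile.write((reply + "\nroot@srv01:~# ").encode())
        self.server.sessions.append(shell.log)  # collected per session

def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; return (server, bound port)."""
    srv = socketserver.ThreadingTCPServer((host, port), FakeShellHandler)
    srv.sessions = []
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]
```

Binding to 127.0.0.1 with port 0 is only for local testing; a real deployment would listen on the public interface and write the session logs somewhere durable.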
@honeyme: I agree. Where to get this?
@aglodek I have one of those 1.99 euro kimsufi boxes which is doing nothing at the moment, it was used as a mail server but that's going through Google Apps nowadays.
Thought a little honeypot would be an interesting project.
Thanks, but I meant where to get the software, like the fake ssh app etc... I'd like to check this out myself, too.
@aglodek That's what I was getting at, would be good if there was a custom iso, etc. If you do find anything of interest - let me know..
Google kippo for the fake ssh. There's a fork (on Github I think) which can handle sftp as well.
Though it's not THAT interesting because all you will see is Chinese bots trying to upload all sorts of trojans all day long!
Hey Guys, sorry for the delayed reply.
Practical Malware Analysis is a really wonderful introduction to malware analysis. It comes with many samples and guides you through dissecting them using a range of freely available tools.
http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901
I'm specifically looking at HoneyDrive, a custom Linux distro that comes with many honeypots.
http://bruteforce.gr/honeydrive
There are different kinds of honeypots. I think I'd really just be interested in running dionaea: it emulates a host of services, sufficient to be able to grab the malware from incoming attacks.
http://dionaea.carnivore.it/