You are here: start » 2009 » 12 » 08 » post_it_yourself

Post it yourself

Microsoft Malware Protection Center recently had a news about Do and don’ts for p@$$w0rd$, but they just released some statistics about the data gathered. Thats common, raw data is dangerous for the decoys, nobody wants to reveal his honeypots address, and raw data is pretty large.
But as current technology allows data compression, and we are confident our anonymization allows protecting decoy and attackers, we decided to release raw data.

We offer two sqlite databases 1),

  • berlin (~39MB)
    • ~ 280MB uncompressed
    • ~ four weeks 2)
    • ~ 600.000 attacks
    • ~ 2700 malware downloads
    • conficker free zone
    • includes p0f fingerprints
    • includes information about rejected connections
  • paris (391MB)
    • ~ 4.1GB uncompressed
    • ~ one week 3)
    • ~ 7.8 million attacks
    • ~ 750.000 malware downloads
    • insane amount of conficker attacks

Reports

Please let us know, if you post/blog about it, so we can link it here. A simple mail to nepenthesdev@gmail.com, or the still virgin #dionaea hashtag on twitter will do the trick.

1) please be aware both archives reveal the logsql.sqlite file, so don't unpack both to the same directory
2) some downtimes during dionaea updates
3) 15 minutes downtime at given point
This blog post was created on 2009-12-08 at 12:59 by Markus. It is tagged with .

Comments



Related

Recent Posts

Tags

alix botnet bpf ctypes dataviz debian dionaea ftp gnuplot honeytrap joomla libemu nepenthes ntlm pcap prosody python3 smb sqlite xmpp

Comments

Index

2009/12/08/post_it_yourself.txt · Last modified: 2009/12/08 12:59 by common
chimeric.de = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0