You are here: start » 2009 » 12 » 08 » post_it_yourself

Post it yourself

Microsoft Malware Protection Center recently had a news about Do and don’ts for p@$$w0rd$, but they just released some statistics about the data gathered. Thats common, raw data is dangerous for the decoys, nobody wants to reveal his honeypots address, and raw data is pretty large.
But as current technology allows data compression, and we are confident our anonymization allows protecting decoy and attackers, we decided to release raw data.

We offer two sqlite databases ¹⁾,

berlin (~39MB)
- ~ 280MB uncompressed
- ~ four weeks ²⁾
- ~ 600.000 attacks
- ~ 2700 malware downloads
- conficker free zone
- includes p0f fingerprints
- includes information about rejected connections

paris (391MB)
- ~ 4.1GB uncompressed
- ~ one week ³⁾
- ~ 7.8 million attacks
- ~ 750.000 malware downloads
- insane amount of conficker attacks

Reports

Please let us know, if you post/blog about it, so we can link it here. A simple mail to nepenthesdev@gmail.com, or the still virgin #dionaea hashtag on twitter will do the trick.

¹⁾ please be aware both archives reveal the logsql.sqlite file, so don't unpack both to the same directory

²⁾ some downtimes during dionaea updates

³⁾ 15 minutes downtime at given point

This blog post was created on 2009-12-08 at 12:59 by Markus. It is tagged with

Comments

Hi Markus, just a questions. I m going into the use of the file retry.py and I have noticed that to reply an attack it is necessary to have a bistream file to point! I m wondering whether is possible to build bistream files from the db you have posted here. Thanks a lot Nick

nick

2011/10/18 11:55

No, the database does not have the required information about the data transfered.

Markus

2011/10/19 10:40

2009/12/08/post_it_yourself.txt · Last modified: 2009/12/08 12:59 by common

Post it yourself

Reports

Comments

Related

Recent Posts

Tags

Comments