Post it yourself

Microsoft Malware Protection Center recently had a news about Do and don’ts for p@$$w0rd$, but they just released some statistics about the data gathered. Thats common, raw data is dangerous for the decoys, nobody wants to reveal his honeypots address, and raw data is pretty large.
But as current technology allows data compression, and we are confident our anonymization allows protecting decoy and attackers, we decided to release raw data.

We offer two sqlite databases 1),

  • berlin (~39MB)
    • ~ 280MB uncompressed
    • ~ four weeks 2)
    • ~ 600.000 attacks
    • ~ 2700 malware downloads
    • conficker free zone
    • includes p0f fingerprints
    • includes information about rejected connections
  • paris (391MB)
    • ~ 4.1GB uncompressed
    • ~ one week 3)
    • ~ 7.8 million attacks
    • ~ 750.000 malware downloads
    • insane amount of conficker attacks


Please let us know, if you post/blog about it, so we can link it here. A simple mail to, or the still virgin #dionaea hashtag on twitter will do the trick.

1) please be aware both archives reveal the logsql.sqlite file, so don't unpack both to the same directory
2) some downtimes during dionaea updates
3) 15 minutes downtime at given point


Hi Markus, just a questions. I m going into the use of the file and I have noticed that to reply an attack it is necessary to have a bistream file to point! I m wondering whether is possible to build bistream files from the db you have posted here. Thanks a lot Nick

1 |
| 2011/10/18 11:55 | reply

No, the database does not have the required information about the data transfered.

2 |
| 2011/10/19 10:40 | reply

Hi Markus, I'm using this databases in my Master Degree Thesis and I want know how to cite this and the dionaea it self.

Do you have any paper or work you want give to use as citation ?

Thanks Pedro H. Matheus

3 |
Pedro H. Matheus
| 2013/12/02 19:33 | reply

2009/12/08/post_it_yourself.txt · Last modified: 2009/12/08 12:59 by common = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0