Post it yourself

Microsoft Malware Protection Center recently published a news item about Do and don’ts for p@$$w0rd$, but they just released some statistics about the data gathered. That's common: raw data is dangerous for the decoys, nobody wants to reveal their honeypot's address, and raw data is pretty large.
But as current technology allows data compression, and we are confident our anonymization protects both the decoy and the attackers, we decided to release the raw data.

We offer two sqlite databases 1):

  • berlin (~39MB)
    • ~ 280MB uncompressed
    • ~ four weeks 2)
    • ~ 600.000 attacks
    • ~ 2700 malware downloads
    • conficker free zone
    • includes p0f fingerprints
    • includes information about rejected connections
  • paris (391MB)
    • ~ 4.1GB uncompressed
    • ~ one week 3)
    • ~ 7.8 million attacks
    • ~ 750.000 malware downloads
    • insane amount of conficker attacks

Reports

Please let us know if you post or blog about it, so we can link it here. A simple mail to nepenthesdev@gmail.com, or the still virgin #dionaea hashtag on twitter, will do the trick.

1) please be aware that both archives unpack to a file named logsql.sqlite, so don't unpack both to the same directory
2) some downtimes during dionaea updates
3) 15 minutes of downtime at a given point

Comments

1

Hi Markus, just a question. I'm going into the use of the file retry.py and I have noticed that to reply an attack it is necessary to have a bistream file to point! I'm wondering whether it is possible to build bistream files from the db you have posted here. Thanks a lot Nick

nick
2011/10/18 11:55
2

No, the database does not have the required information about the data transferred.

Markus
2011/10/19 10:40
3

Hi Markus, I'm using these databases in my Master's Degree Thesis and I want to know how to cite this and dionaea itself.

Do you have any paper or work you want to give to use as a citation?

Thanks Pedro H. Matheus

Pedro H. Matheus
2013/12/02 19:33


2009/12/08/post_it_yourself.txt · Last modified: 2009/12/08 12:59 by common