Post it yourself

Microsoft Malware Protection Center recently had a news about Do and don’ts for p@$$w0rd$, but they just released some statistics about the data gathered. Thats common, raw data is dangerous for the decoys, nobody wants to reveal his honeypots address, and raw data is pretty large.
But as current technology allows data compression, and we are confident our anonymization allows protecting decoy and attackers, we decided to release raw data.

We offer two sqlite databases ¹⁾,

berlin (~39MB)
- ~ 280MB uncompressed
- ~ four weeks ²⁾
- ~ 600.000 attacks
- ~ 2700 malware downloads
- conficker free zone
- includes p0f fingerprints
- includes information about rejected connections

paris (391MB)
- ~ 4.1GB uncompressed
- ~ one week ³⁾
- ~ 7.8 million attacks
- ~ 750.000 malware downloads
- insane amount of conficker attacks

Reports

Please let us know, if you post/blog about it, so we can link it here. A simple mail to nepenthesdev@gmail.com, or the still virgin #dionaea hashtag on twitter will do the trick.

¹⁾ please be aware both archives reveal the logsql.sqlite file, so don't unpack both to the same directory

²⁾ some downtimes during dionaea updates

³⁾ 15 minutes downtime at given point