Archive for May, 2010
Glastopf – First experiences
Posted in Honeypots on 05/28/2010 | Leave a Comment »
Hi, I’m back again after being sick for a few days (more than I expected), so I’m sorry but I have had no chance to write a single post. Today I would like to share with you my first impressions about Glastopf. Glastopf is a truly interesting honeypot project but I wasn’t sure that it would report any attack [...]
Amun Honeypot – First analysis
Posted in Honeypots on 05/11/2010 | Leave a Comment »
Hi! According to my Amun logs, the most exploited vulnerabilities are DCOM and MS08-067, so I’ve decided to change my honeypot’s configuration file (amun.conf). I’ve forced my honeypot to look like a Windows machine and so I’ve disabled all but the following vuln_modules: vuln-ms08067, vuln-dcom, vuln-lsass. Now only ports 80 (glastopf), 135 and 445 (amun) [...]
Time for Glastopf
Posted in Honeypots on 05/07/2010 | Leave a Comment »
Now that Amun is running and collecting malware, it’s time for Glastopf to emulate web application vulnerabilities. Developed by Lukas Rist, Glastopf collects information about web application-based attacks like, for example, remote file inclusion, SQL injection, and local file inclusion attacks. It is very easy to install and configure following the instructions available in Glastopf’s [...]
Amun Statistics
Posted in Honeypots on 05/06/2010 | 5 Comments »
Andrew Waite from Infosanity.co.uk has developed several useful scripts to generate statistics for Honeyd and Nepenthes. I have developed amun_submissions_stats.py to generate similar statistics for Amun Honeypot; you can download it from here. I am not a good Python developer so I’ve done my best to modify Andrew’s script for Nepenthes (submissions2stats.py). Here is a [...]
Amun Honeypot’s installation
Posted in Honeypots on 05/05/2010 | 8 Comments »
Installing Amun Honeypot is quite straightforward. In my case I am using a Debian Lenny 5.0 box as a honeypot. I followed these simple steps:
1. Download Amun Honeypot from Sourceforge.net
2. Move amun-v0.1.9.tar.gz to a directory (in my case I have used /opt)
3. Unzip the file using tar xvfz amun-v0.1.9.tar.gz
4. Get into /opt/amun
5. Be sure to [...]
Amun Honeypot’s first experiences
Posted in Honeypots on 05/05/2010 | Leave a Comment »
After reading Jan Göbel’s technical report about Amun Honeypot I was so impressed that I decided to test it immediately in my lab at home. I am very interested in honeypots and in my opinion Amun is a great tool for those who want to develop new vulnerabilities thanks to its modular design. Amun allows [...]