#MHN, #kippo and #Dionaea still cooking along. Now to capture binaries…

So, I’ve been playing with Kippo and Dionaea using the Modern Honey Network (MHN) tool and having some fun with it. At this point, I’m going to reload my Kippo box at home and deploy it with Dionaea as well rather than WordPot. I like being able to see the different types of attacks on FTP and HTTP, but I’m having some trouble with the config.

Currently, FTP will make a connection, but fails to send a directory listing. Likewise, I am not capturing any binaries right now. I tried making the folder wide open (777 & nobody:nogroup) but still no luck. If you have any ideas, let me know please. I want to start playing with captures. In the meantime, my pew pew map is about done collecting sources now. Few of the attacks come from a new place now.

 

Pew Pew Pew!

Mucho attacks, no binaries captured. I do have pcaps, but I want some malware files! 🙂


Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec.

2 thoughts on “#MHN, #kippo and #Dionaea still cooking along. Now to capture binaries…”

  1. Hi Eric, my problem is the same. I installed MHN and a lot of Dionaea sensors. Attacks are logging, about 2K per 24h, but Dionaea didn’t capture any binaries yet. Sucks. If you resolve this issue, please contact me.
