#MHN, #kippo and #Dionaea still cooking along. Now to capture binaries…

So, I’ve been playing with Kippo and Dionaea using the Modern Honey Network (MHN) tool and having some fun with it. At this point, I’m going to reload my Kippo box at home and deploy it with Dionaea as well rather than WordPot. I like being able to see the different types of attacks on FTP and HTTP, but I’m having some trouble with the config.

Currently, FTP will make a connection, but fails to send a directory listing. Likewise, I am not capturing any binaries right now. I tried making the folder wide open (777 & nobody:nogroup) but still no luck. If you have any ideas, let me know please. I want to start playing with captures. In the meantime, my pew pew map is about done collecting sources now. Few of the attacks come from a new place now.

Pew Pew Pew!

Mucho attacks, no binaries captured. I do have pcaps, but I want some malware files! 🙂


Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

2 thoughts to “#MHN, #kippo and #Dionaea still cooking along. Now to capture binaries…”

  1. Hi Eric, my problem is the same. I installed MHN and a lot of Dionaea sensors. Attacks are being logged, about 2K per 24h, but Dionaea hasn’t captured any binaries yet. Sucks. If you resolve this issue, please contact me.
