The logged_downloads, which is supposed to contain all the download attempts and what malware the attacking systems are trying to distribute, is still empty, which means nepenthes is still not working properly in order to start capturing malware.
...or it means nobody tried anything. Did you configure Nepenthes? Do the logs show any errors?
*BTW Nepenthes was succeeded by Dionaea and besides that there are a few more honeypots (Honeyd, Amun, Kippo, Artillery) you could use depending on your requirements. If you would like to try Nepenthes a different way you could also search for the Mercury Live CD (announcement was made here and the DVD also contains Honeyd and Dionaea), search for "mercury-i386-dvd.iso".
**Do correct me if I'm wrong but as far as I'm aware only Dionaea, Kippo and Artillery are current / maintained.
Thanks a lot unSpawn for your prompt and useful reply.
Quote:
Originally Posted by unSpawn
...or it means nobody tried anything. Did you configure Nepenthes? Do the logs show any errors?
Yes, I configured it as it should be, but I am not sure about receiving connections on the ports which I mentioned above.
I am not sure if I have to use iptables -I INPUT -p tcp --dport <ports mentioned in the first post> -j ACCEPT (for all the ports)?
Did you see any useful book for the subject?
Quote:
Originally Posted by unSpawn
...
*BTW Nepenthes was succeeded by Dionaea
You are right, and even on the nepenthes website, the admins are declaring that Nepenthes is outdated: do not use Nepenthes, use Dionaea instead.
I just want to get familiar with nepenthes before moving to Dionaea, etc.
I will start looking for mercury-i386-dvd.iso to see how it works.
Appreciate and thanks for your help
I am not sure if I have to use iptables -I INPUT -p tcp --dport <ports mentioned in the first post> -j ACCEPT (for all the ports)?
That depends on your firewall default INPUT chain policy and rules but generally speaking, yes, you should allow in the traffic you want to capture.
Quote:
Originally Posted by lee_can
Did you see any useful book for the subject?
Honeypots: Tracking Hackers, (Spitzner, 2002)
Honeypots: A New Paradigm to Information Security, (Joshi and Sardana, 2011)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection (Provos and Holz, 2007)
If it's useful I don't know: you decide.
Quote:
Originally Posted by lee_can
You are right, and even on the nepenthes website, the admins are declaring that Nepenthes is outdated: do not use Nepenthes, use Dionaea instead. I just want to get familiar with nepenthes before moving to Dionaea, etc.
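The firewall point discussed above (whether the INPUT chain policy and rules let the honeypot's ports in), as an added example that is not part of the thread: a shell check that reads saved `iptables -S INPUT` output and lists the ports a new outside connection would not reach. The function names, the sample ruleset and the port list (135, 139, 445, 80) are constructed placeholders, since the first post's port list is not shown here, and the rule matching is a simplified model.

```shell
# Added example. Simplified model: first-match verdict for a NEW inbound TCP
# connection from an arbitrary outside host, read from `iptables -S INPUT` output.
port_verdict() {  # usage: port_verdict RULES_FILE PORT -> ACCEPT | DROP | REJECT
    awk -v port="$2" '
    function in_spec(spec, p,   n, k, parts, r) {   # "135,139,1000:2000" contains p?
        n = split(spec, parts, ",")
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, ":") == 2) { if (p >= r[1] + 0 && p <= r[2] + 0) return 1 }
            else if (p == parts[k] + 0) return 1
        }
        return 0
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; spec = ""; target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            # Assumption: source-, interface- and state-restricted rules do not
            # apply to a new connection from an unknown host, so skip them.
            else if ($i == "-s" || $i == "-i" || $i == "--ctstate" || $i == "--state") skip = 1
        }
        if (skip || (proto != "" && proto != "tcp")) next
        if (spec != "" && !in_spec(spec, port + 0)) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") { print target; found = 1; exit }
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
    ' "$1"
}
report_blocked() {  # usage: report_blocked RULES_FILE PORT... -> lists ports not accepted
    rules=$1; shift
    for p in "$@"; do
        v=$(port_verdict "$rules" "$p")
        [ "$v" = ACCEPT ] || echo "tcp/$p -> $v"
    done
}

# Constructed sample ruleset and port list (placeholders, not from the thread).
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,139,445 -j ACCEPT
EOF
report_blocked "$SAMPLE_RULES" 135 139 445 80
```

On a real host, save the output of `iptables -S INPUT` to a file and pass that file in place of the sample; an empty report only shows the firewall is not the reason logged_downloads stays empty.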