Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


Create a simple honeypot with Debian and Nepenthes

I wanted to see for myself just how quickly a machine would be infected, how it would be infected, and how frequently it would be probed. Rather than putting a target machine openly on the Internet, I decided to use the Nepenthes malware collector.
Read it here


I must say that I found it quite alarming how quickly Nepenthes has started to collect information about attempted break-ins and automated malware downloads! It’s very interesting to see the large number of entries for ‘Unknown DCOM Shellcode’. By far the most frequently seen piece of malware has been mssmpp.exe, which seems to be a derivative of the W32.IRCBot Trojan which has been hanging around since 2002; this Trojan will infect the host, which then becomes a member of a botnet. As previously discussed, these botnets are used for all sorts of underground activities, most frequently spamming, launching denial of service attacks, and online fraud.


Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.