Its a bad idea if you have to trying to access the same ip/port. Running it on the same computer is not a bad thing.
Actually, I do run both on the same machine, cause i use dionaea mainly
for its SMB implementation. I still run a combination of nepenthes and
amun to cover for the rest of the service simulation. Why is this a bad
On 9/10/10 2:12 PM, AndrewWaite wrote:
> Personally I wouldn't run both at once, but primarily beca...
> You received this message because you are subscribed to the Google Groups "kippo users" group.
> To post to this group, send email to kippo...@googlegroups.com.
> To unsubscribe from this group, send email to kippousers+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/kippousers?hl=en.
On Thu, Sep 16, 2010 at 5:41 PM, mlwrcollect <mlwrc...@gmail.com> wrote:
> Ah, right. I thought i was doing something really badly wrong here :) I
> see your point and actually would love doing the same, using all cool
> features from Dionaea. And we probably will in the near future, however,
> currently we heavily rely on SurfIDS as framework and NFQUEUE is not
> enabled there. As far as I know, but please corrent me when im wrong,
> Dionaea only offers SMB when not using the queuing features (freeze the
> syn and open a port) ? This has been the main reason for me to combine
> honeypots so to have a wide spread of simulated vulnerabilities...
smb - tcp/445
dcerpc - tcp/135
mssql - tcp/1433
http - tcp/80 - more or less useless
https - tcp/443 - as useless as http
ftp - tcp/21 - not as useless as http, you can even upload/download files
tftp - udp/69 - actually not useless, but does not get attacks
sip - udp/5060 - does not play nice with sipvicious yet
If you got numbers which other services you see getting hit, getting
served by amun/nepenthes, please let me know.
And last but not least, there is
any - tcp/* via nfq and mirroring back the attack to the attacker,
running this code is an ethical mess, but sometimes helps in
identifying potential services for the honeypot (we got mssql that
On 9/16/10 9:22 PM, Markus wrote:
> sip - udp/5060 - does not play nice with sipvicious yet
Nice!, Been playing with artemisa lately, which is nice too, but having
it at some level with Dionaea sounds great!
artemisa is something different, it is a voip client, which you
connect to your (asterisk) sip service and wait for incoming calls,
the sip dionaea provides is meant to detect sip scanning (and more),
which is addressed on sip services like asterisk.
Artemisa uses PJSIP, which is not an option for dionaea due to the
lack of control over sockets and the lack of control for the threads
used in the library.
Given the complexity in sip, it is really unlikely dionaea will get a
sip client stack.
Therefore, if you are looking for spit, Artemisa is your choice.