I thought I should share some statistics from the Dionaea honeypot, after ~4 days of operation.
My dionaea.log file is around 135MB, the SQLite database is around 68MB, and the system downloaded 45MB of malware. Automatic uploading to VirusTotal did not work for some reason though.
Using Infosanity’s script, here is the output:
python mimic-nepstats.py
Statistics engine written by Andrew Waite - www.infosanity.co.uk
Number of submissions: 21923
Number of unique samples: 205
Number of unique source IPs: 473
First sample seen: 2012-01-04 22:50:12.268572
Last sample seen: 2012-01-08 23:18:50.717549
System Uptime: 4 days, 0:28:38.448977
Average daily submissions: 5480
Most recent submissions:
2012-01-08 23:18:50.717549, 77.253.165.169, http://77.253.165.169:6015/fdqnmrfc, 78c9042bbcefd65beaa0d40386da9f89
2012-01-08 23:18:40.942690, 89.132.115.66, http://89.132.115.66:6028/bfnmzb, 0c059b0d1d5a03f69a21185987c17d5c
2012-01-08 23:18:27.638438, 186.92.211.27, http://186.92.211.27:3229/mxxyknng, 393e2e61ff08a8f7439e3d2cfcb8056f
2012-01-08 23:18:10.518064, 178.151.189.78, http://178.151.189.78:7117/pasxx, 9500da313ac9708847c5f920325027e3
2012-01-08 23:17:23.842580, 77.253.165.169, http://77.253.165.169:6015/fdqnmrfc, 78c9042bbcefd65beaa0d40386da9f89
And here are the results of the gnuplotsql script:
./python3.2 gnuplotsql -d /opt/dionaea/var/dionaea/logsql.sqlite -p smbd -p epmapper -p mssqld -p httpd -p ftpd