On Tue, Jun 21, 2011 at 4:41 PM, Michael Lubinski <[email protected]> wrote: > Who runs honeypots? My research suggests that Dionaea seems to be the one. > My goal is malware classification and collection.
If you want malware, running a honeypot isn't going to get you much in the way of "new" samples. 99% of the malware coming into any environment is going to be delivered by drive-by-downloads. Running a "regular" honeypot is going to get you stuff that is already fairly well known (Conficker, SQL Slammer, etc). You'd be better off finding a HoneyMonkey (I don't know if there is a free one out there) or analyzing proxy logs for executable downloads. I netted a boat load of stuff in my previous job following option B. It's always cool to get a piece of malware that was created the same day you're analyzing it. Another option, which I have not done, is analyzing your mail queue. -- Ben Jackson - Mayhemic Labs [email protected] - http://www.mayhemiclabs.com - +1-508-296-0267 "Assume that what is in the power of one man to do, is in the power of another" _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
