VMware


Nepenthes Honeypot on Ubuntu

Nepenthes Honeypot helping SPARSA's ongoing viral research project

Description

Computer viruses are a part of the internet. Nepenthes Ampullaria acts as a honeypot: it feigns vulnerability to viruses and downloads them into hexdumps, which can then be reverse-engineered. A collection of 30,000 viruses is growing each day the Nepenthes computer is online, gathering data to submit to anti-virus companies about what is in the wild.

Currently SPARSA operates a centralized Nepenthes server out of their office in RIT's CIMS building. A virtual machine running Nepenthes is available here for download. You will need VMware Player, VMware Server, or VMware Workstation in order to run these virtual machines. VMware Player and VMware Server are free to all. RIT also has a site license for VMware Workstation that you may inquire about.

The virtual machines are to be used either on their own unprotected box serving VMware images, or placed on the DMZ of a firewalled environment. This gives the best opportunity to catch viruses and exploits in the wild.

It is SPARSA's goal to set up a centralized submission and analysis cluster with help from folks like yourselves. All VMs submit to the SPARSA server where results will be analyzed and submitted to major AV companies and the Norman Sandbox. A copy is also kept for the local user to tinker with.

**Using this tactic, the Security Practices and Research Student Association hopes to analyze viruses and malware in the wild by allowing everyone to participate in collection and analysis. Future versions will pare down the known malware on the VM clients so that only unknown malware is submitted to the server.

Last updated: 02/04/2008

Operating system: Ubuntu Server 6.06

Applications installed:
Ubuntu Server Base install
Nepenthes 0.2.0
Honeytrap 1.0
Prelude **(see above)

Also included are some scripts that run a cron job which submits the hexdumps weekly to the SPARSA main research server.

VMware Tools installed: Yes

Size: >1500 MB
Torrent available: No

Primary account
Username: sparsa
Password: secure

Memory allocated: 256 MB

License: GPL

Submitted by: xenolithic


Download link provided by the submitter, not VMware.