Thoughts on Twitter

I’ve known of Twitter ever since its popularity started rising, however I’ve always felt reluctant using it. I didn’t see any point in posting short updates about everything I do, I didn’t feel the need for it. As such, I only got an account on Twitter about 2 years ago, and I’ve barely used it ever since.

Sure, it’s a great place to get updates on other topics, but I prefer feeds. is a great website to follow feeds, especially since RSS is no longer supported on Chrome.

However, I’ve found it to be especially great when you need to ask for short, quick advice, or to obtain specific updates, as you typically receive a reply in a very short time (much faster than e-mail!). From that point of view, it’s great!


Dionaea on Ubuntu 14.04

Installing, configuring and hiding Dionaea from nmap scans.

Dionaea is a malware capturing honeypot, which also features a VoIP module (of interest to me). It was originally developed under The Honeynet Project’s 2009 Google Summer of Code (GSoC).

My servers were running on Ubuntu 14.04, and it appeared most guides haven’t been updated since 12.04 came out. With thorough research, I found out that setting it up has become a lot easier, so much easier that I first doubted it was actually working, and tried to adapt the 12.04 guides. I believe there’s a lot of ambiguity surrounding it, as I can only access the original site (as I understand it) through the wayback machine.

So this is how I set it up:

Brian has been a life saver with his guide, which simply tells you how to get it up and running:

apt-get update
sudo apt-get install software-properties-common python-software-properties -y
sudo add-apt-repository ppa:honeynet/nightly -y
sudo apt-get update -y
sudo apt-get install dionaea-phibo -y
sudo service dionaea-phibo start

So yes, that’s really how easy it is now to get it started. However, that’s only the default configuration. He does tell you that you need to have a look at /etc/dionaea/dionaea.conf which is the configuration file for dionaea.

At this point I obviously had no idea how to configure it, so I kept searching for something that might explain it, and I found this . It’s quite a good basic configuration to make it into a VoIP honeypot (you definitely don’t want the http service running when dionaea is live). My only change is that I commented out the default submit section (sorry!). I didn’t find the first part useful as the script also installs kippo, and I found myself locked out from my ssh connection, sometimes even before the script finished installing (not to mention I didn’t want kippo).

Once I tried to scan it with nmap I realised it could easily tell it’s a honeypot, so I looked for a way to hide it. I found this other useful guide  by  which tells you straightforward, and nicely explains, what values should be modified to avoid identification.

The only problem left then was the ssh service; it would easily identify it as an ubuntu machine. Therefore, I made the service listen to in its config file /etc/ssh/sshd_config (ListenAddress, uncommented).  As far as I can understand, you cannot change the way it recognises your machine as it’s hard coded, and is required in order to properly interact with other machines. Thus, the only option then was to get rid of it entirely. Don’t forget to restart the service!

service ssh restart

I got p0f to work by using this other guide, if you’re interested in it working for you.

At this point I realise there’s an awful lot of guides I used to get it up and running, none my original work, but since they were all so spread out, I thought it could be useful to have them all in one place!

It took me days to find the “right combo” but now it’s really easy to set-up a Dionaea honeypot – average 30 minutes set-up time. I’ve tried to extend it as well, but I couldn’t make any sense of the MySQL configuration (got everything else running), so if anyone could help me with that, I would highly appreciate it!
Bonus : You can get $50 credit for digitalocean using the github Student Developer Pack to set up your own servers! And another $10 if you use my referral link! 🙂