Hmmm, I guess you haven't got it set up right as it claims to collect malware for you:

http://nepenthes.mwcollect.org/documentation:readme

I started to get hit with what appears to be a botnet for DDoS from an IP address in China, but nepenthes sends the virus to a website for analysis, and the virus is nowhere to be found in the system.
Why does it "appear to be botnet for DDoS"? AFAIK a botnet is simply a collection of compromised machines... you can use them for anything you like?

Strictly speaking, I doubt if it was a "virus", as that sort of activity is a bit too promiscuous for botnets. More likely a worm or trojan from what I have seen over the past months.

Once again, I would suggest that you recheck the documentation and your settings for nepenthes, as it is certainly supposed to support local capture of malware. Sure, it will also try to send the information back to the project, but that is part of the idea of it?