Wednesday, May 23, 2007

Nepenthes: Disable Modules

I have been mentioning about nepenthes(low level honeypot to attract malwares) and apparently it is pretty easy to turn on or off nepenthes modules(emulated vulnerable services). I don't want my nepenthes to listen on port 80 as I need to use port 80 for other application. To disable it doesn't seem to be trivial though -

shell>grep '"80"' /etc/nepenthes/*.conf
/etc/nepenthes/log-surfnet.conf: "80",
/etc/nepenthes/vuln-asn1.conf: iisport "80";

Thus I just comment it out at nepenthes core configuration file - /etc/nepenthes/nepenthes.conf

// "vulnasn1.so", "vuln-asn1.conf", ""

Pretty quick isn't it. I have noted it down here for my poor memory sometimes.

Peace ;]

No comments: