1. What do submit-nepenthes and download-nepenthes do?
   1.1 download-nepenthes
   1.2 submit-nepenthes
   1.3 the team
2. How can I use it?
   2.1 Simple Setup
   2.2 Expert Setup
1. What do submit-nepenthes and download-nepenthes do?

1.1 download-nepenthes

download-nepenthes listens on a port you can set in modules/download-nepenthes/download-nepenthes.conf and waits for file transfers from other Nepenthes clients running submit-nepenthes.
The exchange is simple but effective, and it keeps bandwidth low: a file only crosses the wire when the server does not already have it.
1.2 submit-nepenthes

When Nepenthes gets a new sample, submit-nepenthes connects to the host and port set in its submit-nepenthes configuration block and sends the server the MD5 sum of the new file. If the server does not know that file yet, it asks the client to transfer it. The server looks the file up in the directory you can set as filespath in
modules/download-nepenthes/download-nepenthes.conf
After a successful transfer the server checks that the MD5 sum of the received data actually matches the MD5 sum the client announced to initiate the transfer. If the hashes do not match, the server drops the file. The server should use submit-file to store its own files in the same directory download-nepenthes uses for the lookup; otherwise files it already holds are not recognised and get requested again.
Two caveats follow from this design. The hash comparison is an integrity check on the transfer, not an authentication of the client: nothing in the exchange described here identifies the submitter, so the listening port should be reachable only from your own sensors (firewall it). And deduplication is by MD5 alone, so two different files with the same MD5 would be treated as one already-known sample.
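The exchange above, modelled as an added example that is not Nepenthes code: the real module has its own wire format, which is not reproduced here; only the logic is (announce the MD5, transfer only if the server lacks it, verify the received bytes against the announced hash, drop on mismatch). The in-memory dictionary stands in for filespath and is keyed by MD5, which is an assumption about how the lookup works; the sample bytes are constructed.

```python
# Added example (not nepenthes code): models the submit-/download-nepenthes exchange
# with an in-memory store. Wire format is not reproduced; only the logic is.
import hashlib
from dataclasses import dataclass, field

# Constructed stand-in for a captured sample; not real malware.
SAMPLE = b"MZ constructed sample, not real malware"


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a file, the key both sides identify a sample by."""
    return hashlib.md5(data).hexdigest()


@dataclass
class DownloadServer:
    """Stands in for download-nepenthes. `store` plays the role of filespath,
    keyed by MD5 (assumption: the on-disk lookup is by hash)."""
    store: dict = field(default_factory=dict)
    dropped: int = 0

    def announce(self, md5: str) -> str:
        """Step 1: the client announces a hash; the server answers HAVE or SEND."""
        return "HAVE" if md5 in self.store else "SEND"

    def receive(self, announced_md5: str, data: bytes) -> bool:
        """Step 2: verify the delivered bytes hash to the announced MD5; drop otherwise."""
        if md5_hex(data) != announced_md5:
            self.dropped += 1
            return False
        self.store[announced_md5] = data  # submit-file writes to the same directory
        return True


@dataclass
class Submitter:
    """Stands in for submit-nepenthes on a sensor."""
    server: DownloadServer
    bytes_sent: int = 0

    def submit(self, data: bytes) -> str:
        md5 = md5_hex(data)
        if self.server.announce(md5) == "HAVE":
            return "known"          # only the hash crossed the wire
        self.bytes_sent += len(data)
        return "stored" if self.server.receive(md5, data) else "rejected"


def demo() -> dict:
    server = DownloadServer()
    a, b = Submitter(server), Submitter(server)
    first = a.submit(SAMPLE)        # unknown to the server: full transfer
    second = b.submit(SAMPLE)       # now known: no bytes transferred
    # Failure mode: announced hash does not match the delivered bytes
    # (corrupted or forged transfer); the server must drop it.
    mismatch = server.receive(md5_hex(SAMPLE + b"\x00"), SAMPLE)
    return {
        "first": first, "second": second, "mismatch_accepted": mismatch,
        "a_bytes": a.bytes_sent, "b_bytes": b.bytes_sent,
        "stored": len(server.store), "dropped": server.dropped,
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the bandwidth saving (the second submitter sends zero bytes) and the mismatch path (the store stays at one file, dropped counter at one).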
2. How can I use it?

2.1 Simple Setup

[ nepenthes main submission server #M ]
      \
       \
        \
         \
          \
       [ your submitter #A ]
On your submitter #A, point submit-nepenthes at the main server #M:

submit-nepenthes
{
	host		"FIXME";	// address of #M
	port		"45678";
	connecttimeout	"30";
};

If you also want to keep a local copy of the files you collect, add submit-file:

submit-file
{
	path		"/home/malware/viri/";
};
2.2 Expert Setup

[ nepenthes main submission server #M ]
  |\
  | \
  |  \
  |   \
  |    \
  |     [ your friend's submission server #F ]
  |
  |
  |
  |
  |
[ your submission server #Y ]
            /|\
           / | \
   _______/  |  \
  /          |   \
 /           |    \
[ your submitter #A ] | [ your submitter #C ]
                      |
              [ your submitter #B ]
We have to take care of Y, A, B and C; M and F are run by others.

On your submission server #Y: forward new files to #M, keep a copy locally, and accept files from your own submitters. Note that the submit-file path and the download-nepenthes filespath are the same directory, so the lookup sees every file the server already holds.

submit-nepenthes
{
	host		"FIXME";	// address of #M
	port		"45678";
	connecttimeout	"30";
};

submit-file
{
	path		"/home/malware/viri/";
};

download-nepenthes
{
	ports		("45678");
	accepttimeout	"60";
	filespath	"/home/malware/viri/";
};

On your submitters #A, #B and #C: submit to #Y instead of #M.

submit-nepenthes
{
	host		"FIXME";	// ip of Y
	port		"45678";
	connecttimeout	"30";
};

submit-file
{
	path		"/root/viri/";
};