Andy Smith's Blog

  • Multiple IPs for EC2 Instances

    Amazon recently announced an increase in their IP Address limits for single EC2 instances. At first glance this looks like big news for anyone who runs a honeypot on EC2. My research has found that it's not quite as good as it sounds but there are definite benefits for anyone with a little cash to spend.

    Up until recently it has not been possible to have more than 1 IP Address associated with your EC2 instance*. As someone who runs a Dionaea Honeypot on EC2 I have been looking for a way to get multiple IP addresses pointed at my instance for a while now.

    Which is why I was quite excited when Amazon announced that they would now support up to 240 IP Addresses per single EC2 instance. That figure actually refers to private IPs, but in AWS land a private IP can have a public IP pointed at it. So this sounds like big news for anyone running a honeypot on an EC2 instance; more IPs means more interesting honeypot data. 240 IPs means a crap load of interesting honeypot data.

    Unfortunately it's not quite as simple as that. The 240 IP limit only applies to the rather expensive High-Memory Quadruple Extra Large ($1317.60 a month) instance. Smaller instances have smaller limits. The smaller amounts are as follows:

    • Micro: -
    • Small: 8
    • Medium: 12
    • Large: 30


    As you can see that means that anyone hoping to get multiple IPs on their free tier micro instance are out of luck.

    For those thinking that 30 IPs is not too bad and they may splash out on a large, there's a further limitation from Amazon. They limit EC2 users to 5 IP Addresses per account. Fortunately, you can request an increase, which is exactly what I did. I found that there wasn't a need for too much detail, my e-mail looked something like this:


    I am looking to increase my IP limit, please, I need a higher amount for the security research that I use my EC2 instances for. Ideally I would like 240 but will be grateful for a smaller amount if that isn't possible.


    Amazon raised my limit to 20 IP addresses. In this day and age to IPv4 exhaustion I suppose 20 is not to be sniffed at but it could be better, maybe if I made a stronger case in the future (or had more paid instances..) I would get more but it's hard to tell.

    In conclusion, Amazon's recent limit increase is only big news for big spenders. It's not possible to just grab 240 IP and point them at your free tier micro instance. If all you want is a few more IPs then it's probably more cost effective to grab a budget VPS.

    However, if you want the flexibility of EC2 then this may be worthwile. The great thing about EC2 is the flexibility. You can grab those IPs and release them as you like. So if there was some particularly interesting vulnerability you wanted to emulate, you could quickly spin up a 20 IP instance, run it for a few days and then spin it back down. Then you could release the data publicly without any worry about compromising your honeypot's anonymity.

    I intend to follow up this post with a quick step by step guide on setting up a 20 IP Dionaea honeypot.

    * I believe that strictly speaking the limit is 2 but I looked in to this once and it requires all sorts of faffing with things like load balancers which I deemed to not be worth the effort.


  • Adding Facebook and Twitter Buttons to a GWT Project

    As a new user to GWT I spent quite some time trying to add a Twitter Tweet button and Facebook Like button to a GWT project. After extensive searching I didn't find a useful answer.

    The issue I was having was that I would include the JavaScript and the HTML provided by Twitter and Facebook but my buttons weren't being rendered.

    I had the JavaScript includes in my index.jsp and had created a UIBinder .swt.xml with the HTML code but when I launched my app it was just blank.

    The solution was to make a call to the Twitter and Facebook JavaScript functions once the Composite had loaded.

    This is achieved by over-riding the Composite's onLoad method and calling the rendering functions like so:

    @Override protected void onLoad() {
    private static native String showSocialButtons() /*-{
     $wnd.twttr.widgets.load(); //Render twitter button
     $wnd.FB.XFBML.parse();     //Render facebook button

    And this meant that my social buttons were being rendered properly.


  • Dionaea Honeypot on EC2 in 20 minutes

    • Dionaea
    • Ubuntu

    This is a tutorial on setting up Dionaea on an EC2 instance. Amazon currently off a free EC2 Micro Instance so you should be able to do this too without any cost.


    EC2 Server Set up for Dionaea

    1. Sign in to your Amazon AWS console, choose the EC2 tab and choose a Region (I have chosen 'Ascia Pacific (Singapore)')

    2. Push Launch Instance and choose Classic Wizard and push Continue

    3. Click on the Community AMIs tab. Here you need a AMI for Ubuntu 10.04, these vary between AWS Regions. A list of AMIs is available here. Pick an AMI with root store 'ebs' and arch '32-bit'.

    4. For Asia Pacific use the AMI ami-7289cd20 (Pick an AMI with root store 'ebs' and arch 32-bit), then push Select**

    5. Make sure to change the Instance Type to Micro (from Small), otherwise you will be charged, and push Continue

    6. Continue until you are prompted to Create a Key Pair, choose a name and Create and Download Your Key Pair (save this file somewhere safe for later), push Continue .

    7. Choose to Create a New Security Group, for Create a new rule choose All TCP and Source choose Enter whatever you like in Name/Description. Push Add Rule

    8. Push Continue and then Launch

    Your server has now been set up and will shortly launch. Note that you have allowed TCP access to all services on this machine so do not install anything that could be compromised. It's possible to tighten up that security but it's a little more complicated - perhaps a subject for a later blog post.

    Setting up Dionaea on your EC2 Server

    1. Find the address of your server by selecting it and choosing Instance Actions > Connect. Follow the instruction to connect to your server using the key you generated and downloaded earlier. Putty users may need to use puttygen to convert their key.

    2. Once you're connected you can have Dionaea up and running in minutes by following this tutorial: /2012/02/quick-install-of-dionaea-on-ubuntu/


  • Quick install of Dionaea on Ubuntu

    • Dionaea

    Updated 05/03/2012: Improved instructions based upon another guide.

    Dionaea is a great honeypot but I have found that getting it up and running is not exactly the quickest process in the world.

    However, it seems that the honeynet project have started maintaining Ubuntu packages for Dionaea, which makes the install process a lot more simple. The following is how I got it up and running.

    Install Dionaea on Ubuntu Natty Narwhal (11.04)

    First set up the repository and install dionaea:

    sudo add-apt-repository ppa:honeynet/nightly
    sudo apt-get update
    sudo apt-get install dionaea

    Now, a little directory  set up:

    sudo mkdir -p /var/dionaea/wwwroot
    sudo mkdir -p /var/dionaea/binaries
    sudo mkdir -p /var/dionaea/log
    sudo chown -R nobody:nogroup /var/dionaea/

    Now we update our config file:

    sudo mv /etc/dionaea/dionaea.conf.dist /etc/dionaea/dionaea.conf
    sudo sed -i 's/var\/dionaea\///g' /etc/dionaea/dionaea.conf
    sudo sed -i 's/log\//\/var\/dionaea\/log\//g' /etc/dionaea/dionaea.conf

    Finally, launch dionaea:

    sudo dionaea -c /etc/dionaea/dionaea.conf -w /var/dionaea -u nobody -g nogroup -D

    And there you have it! As simple as that. I should note that this will get you up and running quickly but is not necessarily the most secure way to run Dionaea.

    This makes it really easy for anyone interested in Dionaea to get it up and running - even Windows users can grab Virtualbox and an Ubuntu Image and be up and running in no time.