An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector

Document Type

Conference Proceeding


Edith Cowan University


Faculty of Computing, Health and Science


School of Computer and Information Science / Centre for Security Research




Szewczyk, P. S. (2007). An examination of the Asus WL-HDD 2.5 as a Nepenthes malware collector. Proceedings of Australian Digital Forensics Conference. (pp. 127-134). Perth, Western Australia. Edith Cowan University. Available here


The Linksys WRT54g has been used as a host for network forensics tools for instance Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes on discussing the limitations of the device when attempting to execute Nepenthes.

Access Rights