Che ne dici di questo articolo?
link
Three different scripts has been "developed" to target the following
Dionaea services:
SMB
SSL (used by HTTPS and SIP-TLS)
MySQL
There are most likely (judging by the Dionaea code) more ways to do a positive identification of the system so consider this a start for future research.
I would also like to say that I totally agree that trying to mimic a
service 1:1 is hard, if not impossible to achieve. To get the
functionality that is included in Dionaea today requires lot of work
and understanding of the protocols being emulated. That is important
to remember!
Sebbene sia un "vecchio" articolo del 2012, potrebbe comunque essere applicato in una certa misura.