The European Network of Affined Honeypots: A new EU-funded honeynet group has started, made up mostly of Greek and Dutch members to date. “NoAH is an EU co-funded project which will take a step towards achieving an active and more complete approach to networks and systems security. The goal of NoAH is to produce a design study and perform the necessary technical work towards the development of an infrastructure for security monitoring, based on honeypot technology. They are looking for people who are in the area of systems administration, security or research to help them by completing their questionnaire. The questions are not mandatory and can be completed anonymously.” For more information see: http://www.fp6-noah.org/
Archive for June, 2005
Roo online manuals updated: the online manuals for the Honeynet Project’s GenIII Honeywall CDROM have been significantly updated, including a new section on analysis using the Walleye interface: http://www.honeynet.org/tools/cdrom/roo/manual/6-analysis.html
Annual Honeynet Workshop confirmed: the annual Honeynet Project Workshop has been confirmed as September 22-25th in Chicago. Members from many of the Research Alliance groups are expected to attend, including 3 from the UK Honeynet Project.
Honeybee Released: Thomas Apel created a tool for automatically generating plug-ins for honeyd based on the behavior of real servers for his diploma thesis called Honeybee. “For Honeypots to be effective they have to simulate a wide variety of network services. Generating such simulations by hand is a daunting task. An automated system for fingerprinting known servers for common network protocols like Telnet, SMTP, POP3, IMAP4, FTP and HTTP would facilitate deployment of varying honeypots tremendously. Honeybee is such a tool. It can semi-automatically create emulators of network server applications. The resulting emulators can be used together with the honeypot application Honeyd. The emulators should be able to withstand the most common fingerprinting attempts. Honeybee consists of two parts: a scanner and a generic emulator per protocol. The Honeybee scanner talks to a real server and extracts its personality. These personalities are stored in database files and are used to control the generic emulator. The generic emulators use Honeyd’s interface for Python plug-ins. Further information is available at http://lufgi4.informatik.rwth-aachen.de/diplomas/show/6.”
As announced on the Honeynet Project web site, a beta version of Sebek clients for BSD systems has been released (version 3, required for GenIII honeynets and the Roo Honeywall CDROM). It can be obtained here: http://honeynet.droids-corp.org
DFRWS 2005 Forensic “Memory Analysis” Challenge: “Memory analysis is one of the primary themes of the 2005 Digital Forensics Research Workshop (DFRWS). In an effort to motivate discourse, research and tool development in this area, the Organizing Committee has created the intrusion/intellectual property theft scenario detailed at http://www.dfrws.org/2005/challenge/. This memory challenge is open to all, and team efforts are encouraged. An award will be given to the group that extracts the most information from the memory dumps, and the quality of documentation and novelty of techniques will be considered when choosing the winner. Network traffic associated with this intrusion will be made available during the workshop.”
Honeynet Project Add Individual Whitepapers: the Honeynet Project have added a section to their public web site for non-KYE whitepapers by individual members of the Honeynet Project Research Alliance: http://www.honeynet.org/papers/ This should be a useful resource for researchers and the community. Hopefully external and peer-reviewed papers will also be added shortly.