UK Honeynet Project 

There’s a new (beta) release of the Honeynet Project’s “Honeywall” CDROM out. This release (1.3b) fixes some bugs but the main change is a move from the no longer supported Fedora Core 6 platform to CentOS 5. This should give us less work keeping the base platform up to date and more time to work on adding cool new features 🙂

We’ve also moving to a more open development model for the CDROM. Although it’s always been GPL’d, the development processes has been closed and it’s been hard for outsiders to add features/hack code. I’m pleased to say that that’s now changed, and there’s a new Trac site with a svn tree, wiki and all the usual stuff. The Honeywall public mailing list is also still available.

Cool stuff that will be coming in the future includes a move to hflow2 for better flow decoding and analysis and changes to the build processes to make it easier to use.

Credits: Earl Sammons, Rob McMillen and myself did the CentOS port. Steve Mumford and Dave Watson did all the work in setting up our new infrastructure to enable more open development.

The Honeynet Project has recently completed a major internal restructuring, which sees the end of the Research Alliance and a move to a new Chapter based membership model (for example, we become the Honeynet Project’s UK Chapter). You can find out more about the new organisation, it’s bylaws and further membership information here.

As part of this restructuring process, active Honeynet Project members have elected a new Board of Directors and assigned various operational positions for the next three years. This includes David Watson from the UK group, who becomes a Honeynet Project Director and it’s Chief Research Officer.

With the restructuring process now complete, we are looking forward to getting back to honeynet research and development. A second, larger phase of our Global Distributed Honeynet (GDH) is already planned for 2008, along with more collaboration with other active security research groups.

The Honeynet Project published it’s annual status report today, which includes a round up the R&D activity undertaken by members during the previous year. Details of some UK Honeynet Project are also included.

Lance Spitzner was one of the keynote speakers at Hack-In-The-Box 2007 in Malaysia this week, and talked about some of the research we have been involved in recently (including the Honeynet Project’s Global Distributed Honeynet initiative – GDH, which David led). More details can be found at the conference web site.

Long time Honeynet Project members Niels Provos and Thorsten Holz’s book “Virtual Honeypots: From Botnet Tracking to Intrusion Detection” was released in the US last month but has only just become available here in the UK recently. It has picked up a number of good reviews, and we highly recommended it for a good background on honeynet technologies and their uses.

For the last six months, David Watson has has been leading the Honeynet Project’s Global Distributed Honeynet (GDH) initiative. Phase One of the GDH initiative concluded 31/05/07, with a three month status report being delivered to members of the honeynet research community 01/07/07. We are now looking at how we release more of our findings to the public, and also how best to continue our research in future GDH phases.

The Honeynet Project has begun the process of opening its development mailing lists and svn repository up to the public, with a development wiki to follow soon too. The first project to go public is Honeysnap, led by members of the UK Honeynet Project, so please sign up if you are interested and actively using Honeysnap.

UK Honeynet Project and German Honeynet Project initiates new centralised malware collection project with the Honeynet Project Research Alliance.