Archive for April, 2005

Honeynet Research Alliance status reports published

Saturday, April 30th, 2005

Honeynet Research Alliance bi-annual reports published.

MWcollect released

Wednesday, April 20th, 2005

The mwcollect (malware collect) tool has been released by the German Honeynet Project. This is a new tool designed for the automated collection of malware, as documented in “KYE: Tracking Botnets” and several more papers. One of the first next-generation client honeypots, it is designed to capture Windows worms and bot attacks without having to run a Microsoft OS.

Rootkit websites taken down by DDoS attacks

Wednesday, April 13th, 2005

Rootkit web sites taken down by DDoS attacks

New Scan of the Month challenge (34) published

Tuesday, April 12th, 2005

The Honeynet Project has published a new Scan of the Month (SotM) challenge, number 34. This month’s challenge is to analyze a diverse set of logs captured on the honeypot by various monitoring and auditing systems in order to determine whether (and how) the honeypot was compromised.

Distributed Open Proxy Honeypot Project

Friday, April 8th, 2005

Distributed Open Proxy Honeypot Project: “The WASC solution is to use one of the web attacker’s most trusted tools against him – the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy servers (or proxypots), we aim to take a bird’s-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.”