Current setup(s):
=================

http://www.lac.inpe.br/security/honeynet/

Our topology remains the same: a GenII with some modifications, and all
control mechanisms based in OpenBSD (pf, sessionlimit and hogwash).
Honeypots with Solaris, *BSD, Linux and Windows. Most of them with a
modified shell, sending logs to a centralized syslog.

Findings/developments this quarter:
===================================

Malicious Activities:

- got the first Slapper.B variant and contributed to the ISS Alert:
  Propagation of Slapper OpenSSL/Apache Worm Variants
  http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21184
- lots of slapper variants
- decrease of wu-ftpd compromises after OpenSSL started being widely
  exploited
- popup SPAM
- scans for open proxies and relays are increasing

Publications (In Portuguese):

- "Honeynet.BR: Desenvolvimento e Implantação de um Sistema para
  Avaliação de Atividades Hostis na Internet Brasileira", in Anais of
  the 4th Symposium on Information Security, November 2002.

Other Activities:

- Scan of the Month 25
  http://www.honeynet.org/scans/scan25/

Plans for next quarter:
=======================

- Deploy an AIX honeypot
- New version of sessionlimit