Current setup(s):
=================

http://www.lac.inpe.br/security/honeynet/ or
http://www.honeynet.org.br

Our topology remains the same: a GenII with some modifications, and
all control mechanisms based on OpenBSD (pf, sessionlimit and hogwash).

Honeypots with Solaris, *BSD, Linux and Windows. Some of them run a
modified shell and sebek2, sending logs to a centralized host.

Findings/developments this quarter:
===================================

Developments:
-------------

- started the deployment of honeyd on unallocated networks
- started the deployment of honeyd listeners
- using the new version of the bash patch for Linux and *BSD.

Malicious Activities:
---------------------

- lots of blaster worms (and variants) captured
- some blackhat tools captured. New rootkits were used to upgrade the
  chkrootkit tool (http://www.chkrootkit.org/).
- kuang-related activity remains popular

Presentations being developed:
------------------------------

- "Groningen Honeynet Workshop", to be presented at the University of
  Groningen, The Netherlands, October, 2003.
- "Honeynets and honeypots -- Mini Course", to be presented at the
  "5th SSI Conference", Sao Jose dos Campos, Brazil, November, 2003.

Plans for next quarter:
=======================

- continue honeyd deployment
- start the implementation of new honeyd listeners
- continue the sessionlimit development.
- continue session capture tool development.
- continue traffic redirect tool development.
- start implementation of honeypot activities analysis environment.

### 2003-3.txt ends here.