Current setup(s):
=================

http://www.honeynet.org.br/

Our topology remains the same: a GenII with some modifications, and all
control mechanisms based on OpenBSD (pf, sessionlimit and hogwash).

Honeypots with Solaris, *BSD, Linux and Windows. Some of them have a
modified shell and sebek2, sending logs to a centralized host.

Findings/developments this quarter:
===================================

Developments:
-------------

- the deployment of honeyd on unallocated networks started a new
  project:

  Brazilian Honeypots Alliance -- Distributed Honeypots Project
  http://www.honeypots-alliance.org.br/

  The objective of this project is to increase the capacity of
  incident detection, event correlation and trend analysis in the
  Brazilian Internet space.

- finished the beta version of SMaRT (Session Monitoring and Replay
  Tool)

- deployment of honeyd listeners

Malicious Activities:
---------------------

- activity on ports 554/TCP, 901/TCP and 6129/TCP increased

- lots of blaster worms (and variants) captured

- kuang related activity remains popular

Papers and Presentations:
-------------------------

- "Groningen Honeynet Workshop", 5 day course presented at the
  University of Groningen, The Netherlands, October, 2003.

- "Microcurso: Honeynets and Honeypots", tutorial presented at the
  5th SSI Conference, Sao Jose dos Campos, Brazil, November, 2003.

- "Técnicas de Monitoração de Atividades em Honeypots de Alta
  Interatividade", paper presented at the 5th SSI Conference, Sao
  Jose dos Campos, Brazil, November, 2003.

- "Mecanismos para Contenção de Tráfego Malicioso de Saída em
  Honeynets", paper presented at the 5th SSI Conference, Sao Jose
  dos Campos, Brazil, November, 2003.

- "Desvio de tráfego malicioso destinado a redes de produção para
  uma HoneyNet", paper presented at the GTS meeting, Rio de Janeiro,
  December, 2003.

- "HoneyPots Distribuídos", presentation at the GTS meeting, Rio de
  Janeiro, December, 2003.

- "SMaRT - Session Monitoring and Replay Tool", paper presented at
  the GTS meeting, Rio de Janeiro, December, 2003.

Plans for next quarter:
=======================

- start the deployment of a second honeynet

- start tests with snort-inline

- finish the test phase and release the SMaRT tool to the public

- continue the efforts in the Distributed Honeypots Project

- continue the implementation of new honeyd listeners

- continue the sessionlimit development

- continue session capture tool development

- continue traffic redirect tool development

### 2003-4.txt ends here.