###  Greek Honeynet Project  ###

Status report for May 2007

 

1.0 DEPLOYMENTS
=================

 

1.1  Current technologies deployed

 

 

 

Previous reports document our deployments: http://www.honeynet.gr/reports/

 

 

1) Honey-1: production Platform

 

Topology: http://www.honeynet.gr/honey1/topol-d2a.png

 

Honeywall: roo 1.0-hw-189

Honeypots: vmhost debian 3.0.3.1, debian woody 3.0, Fedora core 3, slackware 10.0.0, MS WIN XP SP2

 

 

2) Honey-2: Non-production Platform

 

Topology: http://www.honeynet.gr/honey2/topol2.png

 

Currently, (1) above is not operational due to serious hardware and software problems,

so only (2) above is operational.

 

 

1.2  Activity timeline: Highlight attacks, compromises, and interesting information collected.

 

No compromises; a lot of probes on ports tcp/22, tcp/5900, tcp/1433, tcp/3306, udp/1026, udp/1027,

with US, TW, KR, DE giving the top scores.

 

2.0 FINDINGS
===========

 

3.0 LESSONS LEARNED
===================

Always have plans to recover from a crash; partial virtualization is not enough.

Be prepared: honeynet maintenance is a very hard task. Do not depend on old

hardware components; a local CMS/wiki comes to some rescue.

 

4.0 NEW TOOLS
==============

 

4.1  What new tools or technology are you working on?

 

Experimentation with anti-spam software that detects spam hosts via the concept of a mailbox honeytoken.

 

Some work on our home-grown HoneyStats package has been done. Since we put this tool on SourceForge

(sourceforge/Honeystats) we see about 50 downloads and 200 views per month by the community:

http://sourceforge.net/projects/honeystats

 

 

5.0 PAPERS AND PRESENTATIONS
==============================

 

Main activity for this period has been "Honeynet" promotional work:

 

(1) We have opened a channel with the national FCC, which showed interest in Honeynets

(2) We have an agreement with a major HEALTH public organization with EU connections

to devise and implement a customized Honeypot concept.

(3) One member attached to the National Defence School pursued awareness-raising activities

(4) Our new re-employment got us in touch with a group of two admins experimenting with honeypots

in the Institute of Informatics and Telecommunications

(5) KYE Book 2nd Edition general promotion

 

6.0 ORGANIZATIONAL
====================

 

6.1  Changes in the structure of your organization.

 

Until recently, all members had moved to different organisations or tasks: one to the

Institute of Informatics and Telecommunications (same org), one to the National Defence School,

one to a Medical Research Center, one to a Security Provider. This made it difficult to continue our main activities with University students and our honeynet infrastructure and collaboration in general. Currently, we are in the process of re-constructing our team, as we have been re-employed by our Research Organization and allocated to our initial network lab, just as this very report is being written. The only change is the Parent Institute.

 

6.2  Your feedback on Alliance activities.

 

One of us has been following the re-organization of the HP/Alliance, and we are in

agreement with the new developments.

 

 

 

7.0 GOALS
=========

 

7.1  Which of your goals did you meet for the last six months?

 

We had set the following goals:

 

- obtain Gen III experience

 

Some experience gained before the hardware crash

 

- project promotion and (people) network activities

 

Promotion yes, networking with people no

 

- Uploading our papers to the central site of HP/HRA

 

Remains to do.

 

7.2  Which of your goals did you not meet for the last six months?

 

We mainly missed our goals, except promotion

 

 

7.3  Goals for the next six months

 

- new honeynet deployment & join GDH

 

- (people) network activities

 

- re-establish team stability

 

- get one new organization as partner in the Greek Honeynet Project

 

- get two more contributing members

 

 

 

8.0 MISC ACTIVITIES
===================

 

- pursue localization of KYE papers