### Greek Honeynet Project ###
Status report for May 2007
1.0 DEPLOYMENTS
=================
1.1 Current technologies deployed
Previous reports document our deployments: http://www.honeynet.gr/reports/
1) Honey-1: production platform
Topology: http://www.honeynet.gr/honey1/topol-d2a.png
Honeywall: roo 1.0-hw-189
Honeypots: vmhost debian 3.0.3.1, debian woody 3.0, Fedora core 3, slackware 10.0.0, MS WIN XP SP2
2) Honey-2: Non-production platform
Topology: http://www.honeynet.gr/honey2/topol2.png
Currently, (1) above is not operational due to serious hardware and software problems, so only (2) above is operational.
1.2 Activity timeline: Highlight attacks, compromises, and interesting information collected.
No compromises. A lot of probes on ports tcp/22, tcp/5900, tcp/1433, tcp/3306, udp/1026, udp/1027, with US, TW, KR and DE giving the top scores.
2.0 FINDINGS
===========
3.0 LESSONS LEARNED
===================
Always have plans to recover from a crash; partial virtualization is not enough. Be prepared: honeynet maintenance is a very hard task. Do not depend on old hardware components; a local cms/wiki comes to some rescue.
4.0 NEW TOOLS
==============
4.1 What new tools or technology are you working on?
Experimentation with anti-spam software that detects spam hosts via a concept of mailbox honeytoken.
Some work on our home-grown HoneyStats package has been done. Since we put this tool on sourceforge (sourceforge/Honeystats) we see about 50 downloads and 200 views per month by the community:
http://sourceforge.net/projects/honeystats
5.0 PAPERS AND PRESENTATIONS
==============================
Main activity for this period has been "Honeynet" promotional work:
(1) We have opened a channel with the national FCC, which showed interest in Honeynets
(2) We have an agreement with a major HEALTH public organization with EU connections to devise and implement a customized Honeypot concept.
(3) One member attached to the National Defence School pursued awareness-raising activities
(4) Our new re-employment got us in touch with a group of two admins experimenting with honeypots in the Institute of Informatics and Telecommunications
(5) KYE Book 2nd Edition general promotion
6.0 ORGANIZATIONAL
====================
6.1 Changes in the structure of your organization.
All members moved to different organisations or tasks, until recently. One to Institute of Informatics and Telecommunications (same org), one to National Defence School, one to Medical Research Center, one to Security Provider. This made it difficult to continue our main activities with University students and our honeynet infrastructure and collaboration in general. Currently, we are in the process of re-constructing our team as we have been re-employed by our Research Organization and allocated to our initial network lab, just as this very report is being written. Only Parent Institute change.
6.2 Your feedback on Alliance activities.
One of us has been following the re-organization of the HP/Alliance and we are in agreement with the new developments.
7.0 GOALS
=========
7.1 Which of your goals did you meet for the last six months?
We had set the following goals:
- obtain Gen III experience
Some experience, before we got a crash on hardware
- project promotion and (people) network activities
Promotion yes, network with people no
- Uploading our papers to the central site of HP/HRA
Remains to do.
7.2 Which of your goals did you not meet for the last six months?
Mainly missed our goals, except promotion
7.3 Goals for the next six months
- new honeynet deployment & join GDH
- (people) network activities
- re-establish team stability
- get one new organization as partner in the Greek honeynet project
- get two more contributing members
8.0 MISC ACTIVITIES
===================
- pursue localization of KYE papers