Internet Systematics Lab HoneyNet Project Quarterly Report Q1/2003.

Current Setup

Our setup has seen the beginning of radical changes this quarter. We have deployed a brand new GEN-II Honeynet.

2nd Honeynet Description

---------------------------------

The aim of this deployment was to upgrade to the latest release of all Alliance tools and methods, including the new snort-inline versions, sebek2 and the rc.firewall script. The topology of our 2nd Honeynet was kept simpler this time, so that we could focus on the new tools rather than on tricky topologies. The exact topology is the reference GEN-II topology.

For the time being there are three Honeypots:

Linux RedHat 7.3 - Syslog Server

Linux RedHat 7.3

Windows 2000

Honeypot Servers

windows networking

apache

wu-ftpd

mysqld

sendmail

syslogd

bind

ms-sql

iis

More development is still required until this Honeynet is fully stabilized.

1st Honeynet

Our original Honeynet is still in operation. As time goes by, this deployment will eventually be replaced by the newer one. The components of this Honeynet will probably be reused for a newer Honeynet implementation.

The main analysis tools used are ACID and Ethereal.

Findings / Developments

-----------------------------------

For the past quarter we had to focus more on development, so data analysis was somewhat overlooked. No compromises were successful this quarter, while at the same time a lot of worm activity and scanning took place.

Developments

------------------

1. Focus on writing Chapter 5 of the KYE II Alliance book

Most of our efforts this quarter went to this cause. Hopefully the results will be at least as rewarding.

Created a flow diagram of DCON operation that should prove helpful for anyone taking a closer look at these mechanisms.

2. Deploy a bleeding-edge GEN-II Honeynet

Lots of testing was done and valuable knowledge of tool behaviour was gathered.

Made many steps towards standardising a deployment method. Much of this work was integrated into Chapter 5 of the KYE II book.

3. Laid out the groundwork for maintaining a dual-language (Greek, English) web site.

Plans for the Next Quarter

--------------------------------------

This quarter we plan to:

a) Present a dual-language (English, Greek) version of our Honeynet Project site.

b) Resume daily data analysis.

c) Focus on publications / presentations.

d) Collaborate with organizations in Greece/EU that are interested in Honeynets.