Report:Apr-2006

From Honeynet-PT

DEPLOYMENTS

Current technologies deployed.

This semester we have maintained the same architectures as before:
- one Gen III Honeypot Farm with HoneyMole as an aggregator of honeypots, with four honeypots virtually located in different networks (different ISPs and companies)


Lessons learned from the technology, what we like about it.

Farming honeypots is an excellent way to save costs and time. It's very handy to have the complete honeynet in one central location while collecting traffic from several networks. HoneyMole has proved to be the easiest way to deploy Honeypot Farms.


Lessons learned from the technology, what is lacking, what we would like to see improved.

A new functionality will be added to better hide the network latency of remote honeypots.


FINDINGS

Number and type of systems compromised during six month period.

None.


Highlight any unique findings, attacks, tools, or methods.

None.


Any trends seen in the past six months.

We're seeing an increase again in SSH brute force attacks in the last 2 months.


Document data analysis tools and methods being used.

None.


For data analysis what tools work well, and what still needs to be developed.

Integration between HoneyMole and HoneyWall is necessary in order to minimize the deployment time. It will be easier to have a menu in HoneyWall to configure HoneyMole settings.


MISC ACTIVITIES

Presenting at conferences.

None.


Developing, testing or releasing code.

Development of HoneyMole. Check our website for more info.


Publication of papers.

None.


Involvement in SotM challenges.

None.


Other.

None.


ORGANIZATIONAL

Changes in the structure of your organization.

Our organization structure will change, since two of the three core members left the project due to a lot of work in their professional lives and the lack of time to dedicate to the project.

From now on Bruno Morisson and Marco Vaz are no longer members of the Portuguese Honeynet Project.

I would like to thank them for all the time and effort they have dedicated in the last few years.

Since the project needs to move on, four to six new members will join soon.


LESSONS LEARNED

What positive things can you share with the community, so they can replicate your success.

We believe Honeypot Farms are the best way to deploy honeynets, and HoneyMole has been one of the most important tools we've been using.


What mistakes can you share with the community, so they don't make the same mistakes.

None.


FUTURE GOALS

Plans/Goals for next six months.

We are going to continue HoneyMole development with new functionalities and improvements. Our honeypot farm concept will be used to deploy a central repository for malware detection with Nepenthes.
