Archive for the ‘Papers’ Category

Forensic Challenge 5 – Log Mysteries

Wednesday, September 1st, 2010

The Honeynet Project has recently announced Forensic Challenge 5. This challenge takes you into the world of virtual systems and confusing log data. Figure out what happened to a virtual server using all the logs from a possibly compromised server.


Challenge 5 has been created by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, and Sebastien Tricaud from the French Chapter. It is a bit more open-ended than the last challenges.

The questions are more open-ended than in past challenges. To score highly, we recommend answering in the following way:

* Accuracy is highly encouraged to get the highest score
* You must explain tools you used and how
* If you use visualization tools such as afterglow, picviz, graphviz, gnuplot, etc., explain why this was better than other tools or other visualizations (for example, a good timeline representation)
* Outline HOW you found things

The submission deadline is September 30th and we will be announcing winners around October 21st. We have a few small prizes for the top three submissions.

Enjoy!


HoneySpot: The Wireless Honeypot

Tuesday, January 15th, 2008

HoneySpot: The Wireless Honeypot
Monitoring the Attacker’s Activities in Wireless Networks
A design and architectural overview

We’ve been developing a paper to create awareness and help to guide the deployment of wireless honeypots, mainly centered on 802.11 (WiFi) technologies. The paper is focused on providing a design and architectural overview for the deployment of wireless honeypots, coined as HoneySpots.

We’re currently involved in deploying these technologies, capturing attacks and related information, and developing analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper. If you are interested in developing and/or deploying wireless honeynets, contact us at project at (removethis)honeynet.org.es. The Spanish Honeynet Project wants to promote this research area, including multiple wireless technologies, mainly 802.11 and Bluetooth today, with future additions such as WiMAX.


Scan of The Month 32 Write-up

Wednesday, October 27th, 2004

In this paper we analyze the malware provided for the Scan of the Month 32 released by the Honeynet Project in September 2004. The paper contains not only the answers to the questions of the challenge but also a detailed explanation of the methods and tools used to do the analysis.


Installing a Virtual Honeywall with VMware

Wednesday, September 15th, 2004

If the Honeywall CDROM is installed on a virtual machine, it also gains the many advantages that a virtual machine environment offers. This paper explains how to configure VMware to deploy a Honeywall.


Building a GenII Honeynet Gateway

Wednesday, August 11th, 2004

This is a short guide to building a GenII Honeynet Gateway, also called a Honeywall, under Linux, covering the most common problems and providing several solutions and tips.
