Challenge 5 has been created by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, and Sebastien Tricaud from the French Chapter. It is a bit more open ended than the last challenges.

The questions are a more open ended than past challenges. To score highly, we recommend to answer the following way:

* Accuracy is highly encouraged to get the highest note
* You must explain tools you used and how
* If you use visualization tools such as afterglow, picviz, graphviz, gnuplot etc. explain why this was better (than other tools, than other visualization): such as good timeline representation etc.
* Outline HOW you found things

Submission deadline is September 30th and we will be announcing winners around October 21st. We have a few small prizes for the top three submission.

Enjoy!

To facilitate the work VoIP Honey includes a very nice bash-like command line interface based on ncurses, with history and auto-complete features. Also offers comprehensive well-structured and full configurable debug information.

As the authors say the VoIP Honey project is in a very basic early stage and it is only recommend to use it for testing in a strictly controlled network environments without direct Internet connection (in example Virtual Machines).

Photo by kozumel

He has worked in important companies as a security consultant specialized in computer forensics, honeynets, intrusion detection, firewalls, he also holds CISM and CHFI certifications. More details at members page.

Welcome aboard, Pedro! :)

We’ve been developing a paper to create awareness and help to guide the deployment of wireless honeypots, mainly centered on 802.11 (WiFi) technologies. The paper is focused on providing a design and architectural overview for the deployment of wireless honeypots, coined as HoneySpots.

We’re currently involved in deploying these technologies, capture attacks and related information, develop analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper. If you are interested in developing or/and deploying wireless honeynets, contact us at project at (removethis)honeynet.org.es. The Spanish Honeynet Project wants to promote this research area, including multiple wireless technologies, mainly 802.11 and Bluetooth today, with future additions such as WiMAX.

honeywall.conf: The main configuration file. It is an improved version of honeywall.conf config file included in the Honeywall CDROM by The Honeynet Project. It has two new options: LAN_BLOCK and LAN_ALLOWDED_IP. We suggested this new functionality to the Alliance who integrated it into Roo as whitelisting and blacklisting.

rc.firewall: Script for loading iptables firewall. It is an improved version of the rc.firewall script v0.8 found in Honeywall CDROM that supports the new LAN_BLOCK option. On the other hand, the handlers’ section has been simplified.

snort.sh: Script for managing snort NIDS (config file not provided).

snort_inline.sh: Script for managing snort-inline (config file not provided).

snort_pcap.sh: Script for recording network traffic in binary format using snort in logging mode.

tcpdump.sh: Script for recording network traffic in binary format using tcpdump.

swatch.sh: Script for managing Swatch, used to provide basic alerting capabilites.

swatch.conf: Swatch elemental configuration file.