Spanish Honeynet Project http://honeynet.org.es Thu, 19 Mar 2009 17:34:17 +0000 en hourly 1
e-mail
notice Mailing list moved http://honeynet.org.es/news/mailing-list-moved/ http://honeynet.org.es/news/mailing-list-moved/#comments Mon, 02 Mar 2009 20:16:28 +0000 dgonzalez http://honeynet.org.es/?p=56 We have moved our mail list location to freelists.org. The new address is http://www.freelists.org/list/sphoneynet.

podcast]]> http://honeynet.org.es/news/mailing-list-moved/feed/ 0 New member http://honeynet.org.es/news/new-member/ http://honeynet.org.es/news/new-member/#comments Sun, 01 Mar 2009 15:54:38 +0000 dgonzalez http://honeynet.org.es/?p=60 We are glad to announce that our group has a new member. He is Pedro Sánchez, a security administrator of “Asociación Técnica de Cajas de Ahorros”.

He has worked in important companies as a security consultant specialized in computer forensics, honeynets, intrusion detection, firewalls, he also holds CISM and CHFI certifications. More details at members page.

Welcome aboard, Pedro! :)

service
]]> http://honeynet.org.es/news/new-member/feed/ 0 HoneySpot: The Wireless Honeypot http://honeynet.org.es/papers/honeyspot-the-wireless-honeypot/ http://honeynet.org.es/papers/honeyspot-the-wireless-honeypot/#comments Tue, 15 Jan 2008 20:54:24 +0000 siles http://honeynet.org.es/?p=34 HoneySpot: The Wireless Honeypot
Monitoring the Attacker’s Activities in Wireless Networks
A design and architectural overview

We’ve been developing a paper to create awareness and help to guide the deployment of wireless honeypots, mainly centered on 802.11 (WiFi) technologies. The paper is focused on providing a design and architectural overview for the deployment of wireless honeypots, coined as HoneySpots.

We’re currently involved in deploying these technologies, capture attacks and related information, develop analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper. If you are interested in developing or/and deploying wireless honeynets, contact us at project at (removethis)honeynet.org.es. The Spanish Honeynet Project wants to promote this research area, including multiple wireless technologies, mainly 802.11 and Bluetooth today, with future additions such as WiMAX.

]]> http://honeynet.org.es/papers/honeyspot-the-wireless-honeypot/feed/ 0 marketing FIST Talk http://honeynet.org.es/talks/fist-talk/ http://honeynet.org.es/talks/fist-talk/#comments Fri, 04 Feb 2005 16:52:55 +0000 dgonzalez http://honeynet.org.es/?p=32 Presentation of the Spanish Honeynet Project, describing the Project, what Honeynets are, their value, how they operate, and how they contribute to computer security. 29 slides.[Pic1] [Pic2] (Spanish language).

]]> http://honeynet.org.es/talks/fist-talk/feed/ 0 notice Scan of The Month 32 Write-up http://honeynet.org.es/papers/scan-of-the-month-32-write-up/ http://honeynet.org.es/papers/scan-of-the-month-32-write-up/#comments Wed, 27 Oct 2004 13:51:35 +0000 dgonzalez http://honeynet.org.es/?p=30 In this paper we analyze the malware provided for the Scan of the Month 32 released by the Honeynet Project in September 2004. The paper contains not only the answers to the questions of the challenge but also a detailed explanation of the methods and tools used to do the analysis.

podcast]]> http://honeynet.org.es/papers/scan-of-the-month-32-write-up/feed/ 0 Installing a Virtual Honeywall with VMware http://honeynet.org.es/papers/installing-a-virtual-honeywall-with-vmware/ http://honeynet.org.es/papers/installing-a-virtual-honeywall-with-vmware/#comments Wed, 15 Sep 2004 17:46:55 +0000 dgonzalez http://honeynet.org.es/?p=26 If the Honeywall CDROM is installed on a virtual machine, it will also include the many advantages that a virtual machine environment offers. This paper explains how to go about configuring VMware to deploy a Honeywall.

service
]]> http://honeynet.org.es/papers/installing-a-virtual-honeywall-with-vmware/feed/ 0 Building a GenII Honeynet Gateway http://honeynet.org.es/papers/building-a-genii-honeynet-gateway/ http://honeynet.org.es/papers/building-a-genii-honeynet-gateway/#comments Wed, 11 Aug 2004 21:13:29 +0000 dgonzalez http://honeynet.org.es/?p=9 This is a short guide to build a GenII Honeynet Gateway, also called a Honeywall, under Linux, broaching the most common problems and providing several solutions and tips.

]]> http://honeynet.org.es/papers/building-a-genii-honeynet-gateway/feed/ 0 marketing Honeywall scripts http://honeynet.org.es/tools/honeywall-scripts/ http://honeynet.org.es/tools/honeywall-scripts/#comments Sun, 11 Jul 2004 20:41:14 +0000 dgonzalez http://honeynet.org.es/?p=22 The scripts below have been written to make easier the management of the most common tools used in a Honeywall. The logging directories and log file name formats used are similar to the ones used by the Honeywall CDROM tool to preserve compatibility. These scripts are also included in the paper “Building a GenII Honeynet Gateway”.

honeywall.conf: The main configuration file. It is an improved version of honeywall.conf config file included in the Honeywall CDROM by The Honeynet Project. It has two new options: LAN_BLOCK and LAN_ALLOWDED_IP. We suggested this new functionality to the Alliance who integrated it into Roo as whitelisting and blacklisting.

rc.firewall: Script for loading iptables firewall. It is an improved version of the rc.firewall script v0.8 found in Honeywall CDROM that supports the new LAN_BLOCK option. On the other hand, the handlers’ section has been simplified.

snort.sh: Script for managing snort NIDS (config file not provided).

snort_inline.sh: Script for managing snort-inline (config file not provided).

snort_pcap.sh: Script for recording network traffic in binary format using snort in logging mode.

tcpdump.sh: Script for recording network traffic in binary format using tcpdump.

swatch.sh: Script for managing Swatch, used to provide basic alerting capabilites.

swatch.conf: Swatch elemental configuration file.

]]> http://honeynet.org.es/tools/honeywall-scripts/feed/ 0 notice