Honeysnap version 0.9 released
Monday, March 13th, 2006
Version 0.9 bugfix release of Honeysnap released.
[Now obsolete, see Honeysnap for the current version.]
VMware Stealth Patch released by French Honeynet Project. Kostya Kortchinsky of the French Honeynet Project has released a new version of his patch for VMware that allows operators to further obfuscate VMware used as a honeypot. New features include the ability to create a virtual host without the VMware backdoor, modify the graphics card and set a non-VMware MAC address.
http://www.securityfocus.com/archive/119/349385
http://honeynet.rstack.org/tools/vmpatch.c
Logalert released: Gabriel Armbrust Araujo has released a logfile monitoring tool called ‘logalert’ which executes a specific action whenever it matches a pattern [regex], much like the swatch Perl script. See http://logalert.sourceforge.net/
Google Hack Honeypot Project updated: The Google Hack Honeypot project has released version 1.1 of its tools and documentation, available immediately at http://ghh.sourceforge.net. “GHH is the “Google Hack” honeypot, a package of honeypots, tools, and documentation reacting to search engine hacking. Google provides an unbiased index of all things public, vulnerable or not. This index provides attackers a convenient path for exploitation, while GHH provides the convenient path to embarrassment. Version 1.1 is a compilation of many updates including: centralized logging (MySQL), advanced proxy detection, spoofed file extensions and new pre-built honeypots. These features allow GHH to respond to advances in search engine hacking.”
iDEFENSE Labs Releases Multipot: “Authored by David Zimmer, iDEFENSE Labs is releasing Multipot, an open source emulation based honeypot designed to capture malicious code which spreads through various exploits across the net. Multipot is available for download from: http://labs.idefense.com
Multipot was designed to emulate exploitable services to safely collect malicious code. Further information is available in the bundled install file. Process Stalker and OllyDbg Breakpoint Manager were separately updated to address various bugs. More information regarding the changes is available in the respective bundled archives also available on the iDEFENSE Labs website.”
Two similar tools are also being actively developed by researchers from the German Honeynet Project and are available here:
Nepenthes: http://nepenthes.sourceforge.net
MWcollect: http://mwcollect.org (funded by the Honeynet Project)
Brcontrol released: http://brcontrol.sourceforge.net/
Honeybee Released: For his diploma thesis, Thomas Apel created Honeybee, a tool for automatically generating plug-ins for honeyd based on the behavior of real servers. “For Honeypots to be effective they have to simulate a wide variety of network services. Generating such simulations by hand is a daunting task. An automated system for fingerprinting known servers for common network protocols like Telnet, SMTP, POP3, IMAP4, FTP and HTTP would facilitate deployment of varying honeypots tremendously. Honeybee is such a tool. It can semi-automatically create emulators of network server applications. The resulting emulators can be used together with the honeypot application Honeyd. The emulators should be able to withstand the most common fingerprinting attempts. Honeybee consists of two parts: A scanner and a generic emulator per protocol. The Honeybee scanner talks to a real server and extracts its personality. These personalities are stored in database files and are used to control the generic emulator. The generic emulators use Honeyd’s interface for Python plug-ins.” Further information is available at http://lufgi4.informatik.rwth-aachen.de/diplomas/show/6.
As announced on the Honeynet Project web site, a beta version of Sebek clients for BSD systems has been released (version 3, required for GenIII honeynets and the Roo Honeywall CDROM). It can be obtained here: http://honeynet.droids-corp.org