Welcome to the UK Honeynet Project

The UK Honeynet Project (a Chapter of The Honeynet Project) was founded in 2002 as a volunteer not-for-profit research organisation. Our aim is to provide information surrounding security threats and vulnerabilities active in the wild on UK networks today, to learn the tools, tactics, and motives of the blackhat community and to share these lessons learned with the public and the wider IT community. The project seeks to provide input as part of an overall honeynet community of teams researching security within IT systems around the globe.

Interesting stats: malware collection on increase

1:00, August 17th, 2005 by david

Malware collection on the increase. Some interesting stats from MWCollect and Nepenthes show malware collection is on the increase:

The results from a /17 network block in Germany are particularly interesting.

Activeworx release updated Honeynet Security Console

1:00, August 16th, 2005 by david

Activeworx update Honeynet Security Console. Activeworx have released an updated version of their free HSC tool: http://www.activeworx.org

“Activeworx is pleased to announce the release of Honeynet Security Console (HSC) version 2.5 For Windows 2000/XP. HSC is a free analysis tool to view events on your personal network or honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. This tool is not only for honeynets, it is also a great interface to view snort events. With both HSC and IDS Policy Manager (also at activeworx.org) you have a free complete solution to manage your snort rules and view the events. The release of HSC v2.5 adds many new features. These include new graphs, printing, copying events and overall look and feel. Here are some additional changes:
Added – Print events from event grids
Added – Refresh Unique Events
Added – Event Overview now shows 24 hour, 7 day, 30 day and 90 day graphs
Added – Search output to Time of Day Graphs
Added – Ctrl-C now copies highlighted events to the clipboard
Added – Priority Graphs have been cleaned up
Added – Task Filter options with finite values now have drop down values
Added – Viewing IDS events are more descriptive
Added – Support for email authentication
Added – Visual changes throughout the app make it more pleasant to the eye and easier to use.”

Microsoft’s ‘monkeys’ find first zero-day exploit

1:00, August 9th, 2005 by david

Microsoft’s “monkeys” find first zero-day exploit: Microsoft’s well publicised Honeymonkey project has found its first zero day exploit: http://online.securityfocus.com/news/11273

UK consumers ‘banking blindly’

1:00, August 5th, 2005 by david

UK consumers ‘banking blindly’ http://www.enn.ie/news.html?code=9628946 (references research by the Honeynet Project and IBM)

Japanese HP joins Research Alliance

1:00, August 4th, 2005 by david

Japanese Honeynet Project joins Research Alliance: The Japanese Honeynet Project has joined the Honeynet Project’s Research Alliance. More details about the group can be found here http://www.vogue.is.uec.ac.jp/honeynet/

Logalert released

1:00, August 3rd, 2005 by david

Logalert released: Gabriel Armbrust Araujo has released a logfile monitoring tool called ‘logalert’ which executes a specific action whenever it matches a pattern [regex], much like the swatch perl script. See http://logalert.sourceforge.net/

HoneyD discussion forums added

1:02, August 2nd, 2005 by david

Discussion forums added for honeyd: Discussion forums for honeyd have been added by Niels on the Honeyd home page at http://www.honeyd.org/

Google Hack Honeypot updated

1:01, August 2nd, 2005 by david

Google Hack Honeypot Project updated: The Google Hack Honeypot project has released version 1.1 of its tools and documentation, available immediately at http://ghh.sourceforge.net. “GHH is the “Google Hack” honeypot, a package of honeypots, tools, and documentation reacting to search engine hacking. Google provides an unbiased index of all things public, vulnerable or not. This index provides attackers a convenient path for exploitation, while GHH provides the convenient path to embarrassment. Version 1.1 is a compilation of many updates including: centralized logging (MySQL), advanced proxy detection, spoofed file extensions and new pre-built honeypots. These features allow GHH to respond to advances in search engine hacking.”