Welcome to the UK Honeynet ProjectThe UK Honeynet Project (a Chapter of The Honeynet Project) was founded in 2002 as a volunteer not-for-profit research organisation. Our aim is to provide information surrounding security threats and vulnerabilities active in the wild on UK networks today, to learn the tools, tactics, and motives of the blackhat community and to share these lessons learned with the public and the wider IT community. The project seeks to provide input as part of an overall honeynet community of teams researching security within IT systems around the globe.
The Honeynet Project has published a new Scan of the Month (SotM) challenge, number 34. This month’s challenge is to analyze a diverse set of logs captured on the honeypot by various monitoring and auditing systems in order to determine whether (and how) the honeypot was compromised.
Distributed Open Proxy Honeypot Project: “The WASC solution is to use one of the web attacker’s most trusted tools against him – the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy server (or proxypot), we aim to take a birds-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification and report all logging data to a centralized location.”
The new UK Honeynet Project website has been launched.
The UK Honeynet Project status report has been released for the period September 2004 – March 2005.
Adjust.pl utility released, to synchronise Sebek logs for clients with out of step local clocks. Potentially useful if you are trying to match IDS and pcap files to attacker keystrokes.
New Honeynet Project Know Your Enemy paper, KYE: Tracking Botnets released. This paper is based on extensive research by the German Honeynet Project and covers what Botnets are, how they work, the people behind them, and several new tools for tracking Botnets and learning more.
Ever used google and come across links to insecure computer system management interfaces? The Google Hack Honeypot is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH is powered by the Google search engine index and the Google Hacking Database (GHDB) and is an interesting spin on traditional honeypot technology.
Project Honey Pot is an attempt to create a distributed system for tracking spammers who harvest email addresses by web site crawling. Install the software on your web server and unique mail addresses are created to link the attacker IP and time to recieved spam.