- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
ORGANIZATION New Chapter lead: Sjur Eivind Usken (previous Einar Oftedal) Members: Einar Oftedal Tor Inge Skaar - CC2ASN and helping out running and updating the servers Roger Carlsen - helping out with honeycloud Atle Soma - helping out with networking setup Morten Krakvik Erlend Oftedal - looking into web malware, and client side attacks initiated from web sites Lars Haukli Øystein Fladby (Felix Leder) Left the chapter: Morten Rodal DEPLOYMENTS List current technologies deployed. honeywall Several VoIPHun (SIP honeypot) SSH honeypot (tried Kippo as well) Activity timeline: Challenge number 4 - VoIP challenge General progress during the year. RESEARCH AND DEVELOPMENT Honeycloud Setting up a private cloud for all Honeynet Members. This is currently 12 servers, but can be expanded. Working on a larger storage solution as well. Femtocell testing Testing femtocells for security issues. Mostly the Honeynet Telecom Special Interest Group (TSIG) Setting up automatic visits on top norwegian sites, and recording/detecting any malware in play. CC2ASN database: a kind of inverse ip-to-country lookup service. We have blogged about this on two occations; http://www.honeynor.no/2009/06/19/country-lookup/ and http://www.honeynor.no/2010/03/23/enhanced-cc2asn/. The override definition file for the enhanced database are being reviewed and updated. FINDINGS SIP honeypot The same attacks are present, but also botnets are starting to use SIPVicious and other tools. Missing: Honeebox version 2.0 !! PAPERS AND PRESENTATIONS Internal presentations on SIP security for several companies. Honeynet Project Tools presentation by Tor Inge Skaar at the ISF 2010 conference in Norway (http://www.honeynor.no/2010/09/02/isf-conference/) GOALS There were no specific goals for last year, but we would like to deploy Honeebox 2.0 as soon as it is ready. Goals 2011: Honeycloud ready (soon) Test out the new honeywall Get kippo up and running with a better management solution (automatic reporting etc) MISC ACTIVITIES Internal infrastructure maintenance and keeping server software up to date.
Finally we can announce with great pleasure the first public beta of the Beeswarm project.
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The project differentiates itself by two key items:
Active deceptions Read more »
The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very successful technique when figuring out a unknown hardware or protocol. Next step then is to decode the messages logged in the proxy module. Most of this step is done by studying books of specifications, leaked manuals and offensive tools. This then gives us insight into the protocol, the commands sent and responses generated. Read more »
Norwegian Honeynet Chapter - Status Report For 2013
Sjur Eivind Usken - Chapter Lead
Daniel Haslinger - Security researcher from Austria
Aniket Panse - Successful GSoC student
Tor Inge Skaar - Busy changing diapers
A list of tools deployed by the Norwegian Honeynet Chapter:
Glastopf - Web application honeypot
Conpot - ICS/SCADA honeypot
RESEARCH AND DEVELOPMENT: Read more »
New Chapter lead: Sjur Eivind Usken (previous Einar Oftedal)
Tor Inge Skaar - Maintenance and new sensors
Roger Carlsen - helping out with honeycloud
Atle Soma - helping out with networking setup
Erlend Oftedal - looking into web malware, and client side attacks initiated from web sites
List current technologies deployed.
Several VoIPHun (SIP honeypot)
SSH honeypot (tried Kippo as well) Read more »
This year we've got one new member; Erlend Oftedal. He is working for Bekk Consulting and is maintaining his blog at http://erlend.oftedal.no/blog in addition to ours. He's an expert in web application security. Also, Christian Stigen Larsen has left our chapter. It's excellent that the Honeynet Project finally got it's own SILC server, though we would wish more of the chapters would use it.
The norwegian chapter currently consists of the following members: Read more »