Norwegian Chapter

ORGANIZATION

New Chapter lead: Sjur Eivind Usken (previous Einar Oftedal)

Members:

Einar Oftedal
Tor Inge Skaar - CC2ASN and helping out running and updating the servers
Roger Carlsen - helping out with honeycloud
Atle Soma - helping out with networking setup
Morten Krakvik
Erlend Oftedal - looking into web malware, and client side attacks initiated from web sites
Lars Haukli
Øystein Fladby
(Felix Leder)
Left the chapter: Morten Rodal

DEPLOYMENTS

List current technologies deployed.

honeywall
Several VoIPHun (SIP honeypot)
SSH honeypot (tried Kippo as well)

Activity timeline:

Challenge number 4 - VoIP challenge
General progress during the year.

RESEARCH AND DEVELOPMENT

Honeycloud: Setting up a private cloud for all Honeynet Members. This is currently 12 servers, but can be expanded. Working on a larger storage solution as well.

Femtocell testing: Testing femtocells for security issues. Mostly the Honeynet Telecom Special Interest Group (TSIG).

Setting up automatic visits to top Norwegian sites, and recording/detecting any malware in play.

CC2ASN database: a kind of inverse IP-to-country lookup service. We have blogged about this on two occasions: http://www.honeynor.no/2009/06/19/country-lookup/ and http://www.honeynor.no/2010/03/23/enhanced-cc2asn/. The override definition file for the enhanced database is being reviewed and updated.

FINDINGS

SIP honeypot

The same attacks are present, but botnets are also starting to use SIPVicious and other tools.

Missing: Honeebox version 2.0 !!

PAPERS AND PRESENTATIONS

Internal presentations on SIP security for several companies.

Honeynet Project Tools presentation by Tor Inge Skaar at the ISF 2010 conference in Norway (http://www.honeynor.no/2010/09/02/isf-conference/)

GOALS

There were no specific goals for last year, but we would like to deploy Honeebox 2.0 as soon as it is ready.

Goals 2011:

Honeycloud ready (soon)
Test out the new honeywall
Get Kippo up and running with a better management solution (automatic reporting etc.)

MISC ACTIVITIES

Internal infrastructure maintenance and keeping server software up to date.

Beeswarm - active deceptions made easy

Finally we can announce with great pleasure the first public beta of the Beeswarm project.
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The project differentiates itself by two key items:

  • Active deceptions
  • Simplicity and ease of use

Active deceptions

Outsmarting the smart meter

The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very successful technique when figuring out an unknown piece of hardware or protocol. The next step is then to decode the messages logged in the proxy module. Most of this step is done by studying books of specifications, leaked manuals and offensive tools. This then gives us insight into the protocol, the commands sent and the responses generated.

Honeynor 2013 - The Norwegian Chapter status report for 2013

Norwegian Honeynet Chapter - Status Report For 2013

ORGANIZATION:

Existing members:
Sjur Eivind Usken - Chapter Lead
Einar Oftedal
Lukas Rist
Johnny Vestergaard
Phani Vadrevu
Erlend Oftedal

New members:
Daniel Haslinger - Security researcher from Austria
Aniket Panse - Successful GSoC student

Alumni:
Tor Inge Skaar - Busy changing diapers

DEPLOYMENTS:

A list of tools deployed by the Norwegian Honeynet Chapter:
Glastopf - Web application honeypot
Conpot - ICS/SCADA honeypot

RESEARCH AND DEVELOPMENT:

Honeynor - Chapter Status Report For 2011/2012

ORGANIZATION

List current chapter members and their activities.

  • Sjur Eivind Usken - chapter lead
  • Matt Erasmus
  • Felix Leder
  • Einar Oftedal
  • Erlend Oftedal
  • Lukas Rist
  • Phani Vadrevu
  • Tord Lundstrøm
  • Øystein Fladby
  • Morten Kråkvik
  • Morten Hovland

Honeynor Status Report - 2009/2010

ORGANIZATION

New Chapter lead: Sjur Eivind Usken (previous Einar Oftedal)

Members:

Einar Oftedal
Tor Inge Skaar - Maintenance and new sensors
Roger Carlsen - helping out with honeycloud
Atle Soma - helping out with networking setup
Morten Krakvik
Erlend Oftedal - looking into web malware, and client side attacks initiated from web sites
Lars Haukli
Øystein Fladby
(Felix Leder)

DEPLOYMENTS

List current technologies deployed.

honeywall
Several VoIPHun (SIP honeypot)
SSH honeypot (tried Kippo as well)

Norwegian Chapter - Status Report 2008

ORGANIZATION
This year we've got one new member: Erlend Oftedal. He is working for Bekk Consulting and is maintaining his blog at http://erlend.oftedal.no/blog in addition to ours. He's an expert in web application security. Also, Christian Stigen Larsen has left our chapter. It's excellent that the Honeynet Project finally got its own SILC server, though we wish more of the chapters would use it.
The Norwegian chapter currently consists of the following members:

The Norwegian Chapter - www.honeynor.no

The team from the Norwegian chapter has our own webpage at http://www.honeynor.no
Please drop by!

About The Honeynet Project

The Honeynet Project is a leading international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to the fight against malware (such as Conficker), discovering new attacks and creating security tools used by businesses and government agencies all over the world.
