Swedish Chapter

Swedish Chapter – Chapter Status Report For 2013

ORGANIZATION:

Current members:
Mikael Keri
Matthias Gutehall
Daniel Lidberg
Are Hansen
Ioannis Koniaris

DEPLOYMENTS:

During 2013, which was our first year as a chapter, our focus has been on Glastopf, a “web” honeypot.
Currently we are hosting 7 of them ourselves and have another 2 being hosted by people interested in learning more about honeypots. All of them are deployed on Swedish ISPs.

All our Glastopf installations have submitted their data to hpfriends from the start.

We are also using and trying out a few other types of honeypots such as Dionaea, Cuckoo, Thug and Kippo. Our goal is to have some of these honeypots installed into “production” during 2014.

Our primary goal for starting the Swedish chapter was to provide local data to interested parties in Sweden, but also contribute to the project at large with our data/findings.

RESEARCH AND DEVELOPMENT:

As 2013 was our first year as a chapter, we decided to focus on getting a base deployment up and running. That being said, we have made some minor contributions to the Glastopf honeypot (https://github.com/glastopf/glastopf/graphs/contributors, @nixcon and @nsmfoo). We have had some excellent support from Lukas Rist and Johnny Vestergaard during our work to familiarize ourselves with Glastopf, and help with any issues that we came across doing so.

We also began the work on OpenHoney, an OpenBSD-based distribution with Glastopf. The team will put more effort into OH during 2014, with the aim of creating a small and easy-to-use installation for those interested in running their own honeypot (http://www.openhoney.org/).

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS:

Our engagements during the year, besides our own internal efforts, were to support individuals contacting us with requests for help on how to set up and configure their honeypots (various sorts). We think that this could be developed further and we are looking into various ways of supporting persons interested in honeypots. Hopefully this will also work as a recruitment base for future members.

FINDINGS:

As our research was very limited last year, so were the results. One of the main reasons for that is described below in the goals section.

GOALS:

Our main goal for 2013 was, as described above, to gain visibility into attacks occurring both locally in Sweden and abroad. One step to achieve this was to install a base of honeypots that would collect this information. Despite some lack of hardware we managed to get a fair amount of installations and lots of insight while doing this.

The other goal was to make sense of the collected data. In this effort we did not fulfil our goals, as our initial solution did not meet our needs. But with that being said, this was also part of our learning process and we aim to meet the goal during next year. We did one report release (as a PoC, very limited) last year (http://honeynetproject.se/research/).

During 2014, we aim to continue to grow in the amount of installations; we have had some hardware donations from a generous member, which we will put to use. Also we are having discussions with some supporters for more installations as well.

We will also continue our effort in collecting and analysing collected data. This effort is also made possible thanks to donated hardware.

With that in place we hope to be able to continue the use of other types of honeypots and implement some of our other ideas.

If possible, we will also try to make ourselves available to make some presentations, an effort that will be made possible if we have something to show (like the collected data).

MISC:

http://www.honeynetproject.se

Global Glastopf statistics for May 2014

During the month of May the following information was obtained from Glastopf installations worldwide

Number of alerts for the period: 1859863

Filenames (RFI) - 10 most popular during the period:

Hash: Hits:
48101bbdd897877cc62b8704a293a436 2425
4997ed27142837860014e946eed96124 2050
d070c4cccf556b9da81da1e2de3cba54 644
3cc11c8fa7e3e36f0164bdcae9de78ec 330

Global Glastopf statistics for April 2014

During the month of April the following information was obtained from Glastopf installations worldwide

Number of alerts for the period: 1325919

Filenames (RFI) - 10 most common during the period:

Hash: Hits:
F8a4da2e35b840891335d90cb48a6660
b8cbfe520d4c2d8961de557ae7211cd2 1072
3cc11c8fa7e3e36f0164bdcae9de78ec 998
7de0bcb903eaba7881c6d03a8c7769a8 682