HoneyNED 2013 report

Organisation

Although individual members had attended Honeynet Project meetings
for years, the Dutch Honeynet chapter was finally founded in 2013.
HoneyNED is a Dutch community of IT security enthusiasts
with a shared interest in honeypot technology. Goals of this chapter
include:

-Blog about IT security topics concerning .NL
-Collect and analyze honeypot data and publish the results
-Organize workshops
-Explore and develop new honeypot technology

The current members are:
Rogier Spoor (chapter lead 2014)
Ernest Neijenhuis (chapter lead 2013)
Dave Woutersen
Gert Vliek
Leon van der Eijk
Tarik El Yassem
Wim Biemolt
Claudio Guarnieri

Deployments
-Set up our own HoneyNED.nl website
-A new HoneySpider Network version has been deployed. The software is
also available under an open-source license thanks to NASK/CERT Polska and the National Cyber Security Centre (Netherlands)
-Collected 8673 samples with a SURFids set-up with Kippo, Dionaea,
Glastopf and Amun

Research and Development
-DDoS attacks are occurring more often on the internet. This is a big
issue for web hosters, ISPs and commercial companies. Our chapter has
recruited two students who will research DDoS attacks in live netflow
data. The aim of this research is to better detect the various types of
DDoS attacks (chargen, NTP, DNSSEC...).
-A student applied a machine learning algorithm to the Kelihos sinkhole
logging (Tillmann's work). A report of his work will be available in
February.
-A university research project focused on machine learning
algorithms has analyzed the Kelihos sinkhole logging. Results will be
available at short notice. Our chapter will guide these researchers
and provide them with malware/bots and a hosting/testing environment for
further analysis.
-Knowledge has been gathered about how to safeguard privacy in cases
where parts of the botnet data are personal data. Our chapter has explored
the possibilities for sharing botnet data in a restricted manner.

Papers, Presentations and Community Engagements
-The two DDoS research students will publish a paper at the beginning of February.

Goals 2014
-Malware sample analysis (dropper analysis, etc.)
-Various honeypot deployments, and creating a malware lab environment based
on OpenStack. OpenStack enables us to easily deploy test machines
(Amazon-like).
-A university researcher in the Netherlands is raising funds for an
IP-spoofing research project. Members of our chapter will endorse this
research and provide input/feedback about how this research should be
guided. One of the ideas is to use a worldwide sensor net in order to
(better) detect IP spoofing.

Misc activities

Mentoring