Global Chapter Status Report For 2008


  1. Effective February 1, 2009 William Salusky is the new chapter lead.
  2. This year was the initial year of the Global Chapter.  The chapter was created in order to include members who are geographically dispersed without a chapter in their immediate area.  Because of this, members are involved with parts or teams of the Honeynet Project that are not particular to any focus or goal of a chapter as a whole.  The current Global Chapter members are:
  • Ed Balas
  • David Dittrich
  • Fyodor
  • Nico Fishbach
  • Jed Haile
  • Ralph Logan
  • Patrick Mccarty
  • Jeff Nathan
  • William Salusky (new chapter lead)
  • Earl Sammons
  • Robert Stone
  • Arrigo Triulzi


  1. The Global Chapter currently has no deployments as a group.  The members are participating in other development efforts.


Arrigo Triulzi: 

Patrick Mccarty:

  • Maintenance of Linux SEBEK
    --- Checked in several patches to fix compile time warnings
    --- Fixed bug to allow compile on kernels >= 2.6.24

Earl Sammons:

  • Helped move the Honeywall yum repo from old www to new www

William Salusky:

  • Assistance in finalizing sinkhole/tools development for release would be the bomb diggity.

David Dittrich:

P2P as botnet command and control: a deeper insight, by David Dittrich
and Sven Dietrich, in Proceedings of the 2008 3rd International
Conference on Malicious and Unwanted Software (Malware), October 2008
("Best Paper" award winner)

New Directions in Peer-to-Peer Malware, by Dave Dittrich and Sven
Dietrich, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5

On Developing Tomorrow's "Cyber Warriors," by David Dittrich, in
Proceedings of the 12th Colloquium for Information Systems Security
Education, Dallas, Texas, USA, June 2008

"Understanding Emerging Threats: The case of Nugache," (co-presented
with Bruce Dang, Microsoft), SOURCE Boston conference, March 2008

Arrigo Triulzi:
William Salusky:

   Currently working on the "HTTP Sinkholing" paper/tools  for project release.  Assisted by Robert Danford.
   "Proxybot Network threats" "non-public LE centric conference, Feb 2008" (related to "Socks v666" Honeynet project Lite paper.)
      "HTTP Sinkholing"   "Microsoft GIAIS Summit, July 2008"
      "Passive Discovery of HTTP Based Malicious code"  "non-public LE centric Conference, Oct 2008"

Nico Fishbach:
Estonia CERT (EE-CERT) workshop - 10/Sep/08 :
"Know Your Enemy, Service Provider update" (DDoS and botnets,
VoIP honeypot, SSH/MySQL honeypot (content from Einar/honeynor)).


  1. Firmware Honeypots
  2. IPv6 Honeynets