Honeynor Status Report - 2009/2010

ORGANIZATION

New Chapter lead: Sjur Eivind Usken (previously Einar Oftedal)

Members:

Einar Oftedal
Tor Inge Skaar - Maintenance and new sensors
Roger Carlsen - helping out with Honeycloud
Atle Soma - helping out with networking setup
Morten Krakvik
Erlend Oftedal - looking into web malware and client-side attacks initiated from web sites
Lars Haukli
Øystein Fladby
(Felix Leder)

DEPLOYMENTS

List current technologies deployed.

honeywall
Several VoIPHun (SIP honeypot)
SSH honeypot (tried Kippo as well)

Activity timeline:

General progress during the year.

RESEARCH AND DEVELOPMENT

Honeycloud: Setting up a private cloud for all Honeynet Members. This is currently 12 servers, but can be expanded. Working on a larger storage solution as well.

Femtocell testing: Testing femtocells for security issues. This is mostly an activity of the Honeynet Telecom Special Interest Group (TSIG).

Setting up automatic visits on top Norwegian sites, and recording/detecting any malware in play.

CC2ASN database: a kind of inverse IP-to-country lookup service. We have blogged about this on two occasions: http://www.honeynor.no/2009/06/19/country-lookup/ and http://www.honeynor.no/2010/03/23/enhanced-cc2asn/. The override definition file for the enhanced database is being reviewed and updated.

FINDINGS

SIP honeypot

The same attacks are present, but botnets are also starting to use SIPVicious and other tools.

Missing: Honeebox version 2.0 !!

PAPERS AND PRESENTATIONS

Internal presentations on SIP security for several companies.

Honeynet Project Tools presentation by Tor Inge Skaar at the ISF 2010 conference in Norway (http://www.honeynor.no/2010/09/02/isf-conference/)

GOALS

There were no specific goals for last year, but we would like to deploy Honeebox 2.0 as soon as it is ready.

Goals 2011:

Honeycloud ready (soon)
Test out the new honeywall
Get Kippo up and running with a better management solution (automatic reporting, etc.)

MISC ACTIVITIES

Internal infrastructure maintenance and keeping server software up to date.