The UNAM Chapter is part of UNAM-CERT, an organization established within the National Autonomous University of Mexico (UNAM).
Current chapter members:
We're using the following infrastructure as an early warning and intrusion detection system to feed into our incident response process, and also to identify emerging threats on the Internet and share this knowledge with the community.
We're currently running 12 low-interaction honeypots for malware capture, with 1060 public IP addresses distributed among them. All of them run several instances of dionaea and share data directly with HPFeeds. We have also deployed 3 HonEeeBox sensors, which submit to HPFeeds as well.
We have one honeypot running kippo and glastopf using 1000 public IP addresses. Glastopf is currently sharing data with HPFeeds.
We're also running a darknet with over 20,000 public IP addresses, using a staggered architecture for network monitoring based on sguil, snort, argus, tcpflow and several other tools for data capture and analysis.
We have a central system called Security Telescope to process all the information gathered by our honeypots and the darknet.
This year we are no longer using high-interaction honeypots for several reasons, such as maintenance and physical resource issues.
RESEARCH AND DEVELOPMENT
We are working on the development of a spampot tool for the collection and analysis of spam content such as URLs, attachments and source IP addresses, as well as a botnet tracking tool that logs the activity of malware-infected machines by analyzing the commands sent by the C&C over the IRC protocol.
None at this time.
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
As part of UNAM-CERT, one of our main activities is incident detection and handling within our University and Mexico. That's why we are in close contact with the CSIRTs of the main ISPs of Mexico, sharing with them information about the security incidents coming from their networks that we detect on the University network.
Every year we organize a Computer Security Congress. It's a balanced meeting that includes technical and non-technical talks. Its main purposes are to share experiences, to discuss trends and to give attendees a better perspective of computer security across Mexican networks and around the world.
Not at this time.