The Chapter was created in September 2011, although most members of this chapter have worked with honeypots since 2001 and were part of another chapter in the past.
In the Distributed Honeypots Project we developed some tools to emulate the SIP protocol. Regarding data analysis, instead of focusing on the scanning/reconnaissance aspects, we focused on analyzing only the characteristics of the INVITE messages. Together with a CERT.br staff member, we worked on the analysis of all call attempts. The analysis of data collected between September 2011 and September 2012 will be published next December in the USENIX ;login: magazine.
In the SpamPots Project we finished restructuring our data capture and collection infrastructures. This also led graduate students working on spam analysis to change some data analysis systems to accommodate bigger data volumes. Also, we have deployed two new sensors in cooperation with the UK Chapter.
The two most attacked services in our network of 50 honeypots are SSH and SIP.
Regarding abuse of the Internet infrastructure to send spam, we continue to see the abuse of SOCKS proxies, a behavior that hasn't changed since we started the project in 2006.
Use of honeypots for Network Monitoring and Situational Awareness
Buenos Aires 2012 FIRST Technical Colloquium, August 2012, Buenos
honeyTARG Chapter Activities
2012 Honeynet Project Security Workshop, March 2012, SF Bay Area, US
Anatomy of SIP Attacks
João Ceron, Klaus Steding-Jessen, Cristine Hoepers
To be published in the December 2012 USENIX ;login: magazine
Past year: review our infrastructure and organize our Projects in our new Chapter.
Next year: focus more on data analysis and visualization of attacks and trends.