OCERT Chapter Status Report for 2010

ORGANIZATION

OCERT Honeynet is operated by the Threat Analysis Center Team in Oman National CERT
(OCERT). The members are:

• Yousuf Alsiyabi
• Suliman Al Hinai

DEPLOYMENTS

We are focusing on low-interaction honeypots, and have deployed a number of low-interaction honeypot technologies:

-Dionaea: deployed as a replacement for Nepenthes. Dionaea has shown great results in terms of collected malware.

-Glastopf: deployed as a web application honeypot.

-Back-end infrastructure used for log collection and data analysis.

RESEARCH AND DEVELOPMENT

• Working on a Geo IP application that plots the source IP of a recorded attack on a Google Maps display. The application uses the Google API to place the IP address of an attack on the map to illustrate the origin of the attack.

• Researching botnet monitoring and tracking techniques

FINDINGS:

We observed an increase in the number of malware samples collected by Dionaea: we were able to collect more than 1118 unique malware samples, which shows that malware has become the most serious security threat. Many systems in Oman could be infected with different types of malware.

GOALS:

Within 2010: the team successfully experimented with and deployed a number of honeypots and started to analyze and classify the findings accordingly. As a national CERT, it is very important to identify the infected systems within the country's network in order to reduce the number of infected systems and limit the spread and propagation of malware.

For 2011: we are planning to start analyzing the collected malware using sandbox tools. There are a number of commercial and open source tool sets that will be evaluated to select the best tool for our intended purpose.

In addition, we are planning to deploy a client-side honeypot. Moreover, we are going to develop more cooperation with the local ISPs and associate with a number of universities that could participate in the research.