Honeynet
This page contains updates and information regarding the project Honeynet@home.
What is it?
The Honeynet@home has kicked off full blast! We will be releasing packet captures of specific traffic logs to and from the Honeynet. The goal is to give a reference point to packets and associated attacks. Check out the first 4 captures!
Honeynet IIS Logs 2003
IIS logs will be posted here through the month of January. This is a good test to see if you can recognize specific attacks and entries you see in these logs.
Honeynet Project Launch
Mrcorp.net is proud to announce the official launch of the Honeynet@home project. We have prepared a "Scope of project" document that outlines and describes our goals with this project.
Honeynet Logs
Posted is the log file from Honeypot #2. This is on a different network with a different ISP than previous. This was taken from November 17.
Honeynet Logs
More logs from one of the Honeypots in the honeynet are posted for your review. Can you identify all the types of attacks in these logs? Nothing out of the ordinary on this server, however, we will be providing some indepth discussion on some attacks we have seen on another honeypot. The articles will include logs from the OS, screen shots fo some of the affects and ethereal packet traces to show detail November 12, November 13, and November 14. Additionally, we are working on a format that will make viewing these easier.
Honeynet Logs
Two sets of logs from November 6th and November 7th are available for your viewing. They outline the aattacks that have taken place against one of the Honeypots in our Honeynet.
Statistics for Honeypot
Statistics for week ending 10/20/2002 for the First Honeypot in the Honey@home project have been posted. These statistics highlight attacks on a home PC. In addition, the first test of a popular peer to peer tool, Kazaa, is also shown.
Free Honeypot Software Review
A new project we are starting upon request is a personal Honeypot software review. THis project will review many of todays popular free Honeypot software available. We have begun testing some of the products on the Honeynet@home project and will provide our opinion of each of the products. We have posted a preliminary sample for review. The project will be located under the Honeynet@home section. The first package up for review is THP (Tiny Honeypot)
IIS Logs show FORMMAIL.PL Attempt
The IIS logs of one of the honeypots in the Honeynet@home project logged a unique attempt for the project. I have posted the log entires in their entirity for your viewing pleasure.
Comcast DNS server Scan?
Reviewing the Firewall logs today, we noticed something strange. Comcast DNS server appears to have performed a sequential, UDP port scan on one of the honeynet servers.. A copy of the firewall log can be seen here.
Introduction to Tripwire on Linux
The first of a series on Tripwire, a Host Based Intrusion Detection tool, is almost complete and up for preview. The document is called "Tripwire Intro on Linux".
Firewall Logs
The Firewall log file updates havent been complete yet, but to get a sample of what you will see, click on the "Firewall Logs" on the left.
SnortSnarf Live Update
Due to some upgrades, the snortsnarf logs are not veiwable at this time. We will be launching a complete site with tools designed to let you view the action live!
Nessus Scan in IIS Logs
Ever wonder what a Nessus Scan would look like in IIS 5.0 logs? See the logs here.
SnortSnarf Live
SnortSnarf has been deployed in conjunction with Snort. This powerful tool allows the snort logs to be translated into HTML pages for you, the readers. The logs will be updated every 30 minutes, all the time. This allows you to follow the Honeynet project more closely, and perhaps compare to your own systems. The SnortSnarf page can be found here.
Honeynet@home Violation #1
While we are in the process of finalizing the Honeynet@home project, one of our servers was recently violated. The violation is common but the remedy can be elusive. We invite you to recommend a cleanup strategy to this attack! Detailed logs and screen shots can be found here.
Log Snapshots
As we are in the process of setting up the Honeynet@Home project, we are running test of our configurations. One of the configurations we recently looked at was our Firewall Logs. We found this to be somewhat humorous and decided to share it with you. This is strictly for educational use.
