Global Chapter Status Report For 2008
ORGANIZATION
- Effective February 1, 2009 William Salusky is the new chapter lead.
- This year was the initial year of the Global Chapter. The chapter was created in order to include members who are geographical dispersed without a chapter in their immediate area. Because of this, members are involved with parts or teams of the Honeynet Project that are not particular to any focus or goal of a chapter as a whole. The current Global Chapter members are:
- Ed Balas
- David Dittrich
- Fyodor
- Nico Fishbach
- Jed Haile
- Ralph Logan
- Patrick Mccarty
- Jeff Nathan
- William Salusky (new chapter lead)
- Earl Sammons
- Robert Stone
- Arrigo Triulzi
DEPLOYMENTS
- The Global Chapter currently has no deployments as a group. The members are participating in other development efforts.
RESEARCH AND DEVELOPMENT
Arrigo Triulzi:
- Firmware honeypots, built upon my work in modifying the firmware of NICs (see http://www.alchemistowl.org/arrigo/Papers/Arrigo-Triulzi-PACSEC08-Project-Maux-II.pdf).
- IPv6 honeypots. Some research, mainly in attempting to figure out what is being scanned amongst my IPv6 subnet allocations.
Patrick Mccarty:
- Maintenance of Linux SEBEK--- Checked in several patches to fix compile time warnings--- Fixed bug to allow compile on kernels >= 2.6.24
Earl Sammons:
- Helped move the Honeywall yum repo from old www to new www
William Salusky:
- Assistance in finalizing sinkhole/tools development for release would be the bomb diggity.
PAPERS AND PRESENTATIONS
David Dittrich:P2P as botnet command and control: a deeper insight, by David Dittrichand Sven Dietrich, in Proceedings of the 2008 3rd InternationalConference on Malicious and Unwanted Software (Malware), October 2008("Best Paper" award winner)http://staff.washington.edu/dittrich/misc/malware08-dd-final.pdf
New Directions in Peer-to-Peer Malware, by Dave Dittrich and SvenDietrich, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5http://staff.washington.edu/dittrich/misc/sarnoff08-dd.pdf
On Developing Tomorrow's "Cyber Warriors," by David Dittrich, inProccedings of the 12th Colloquium for Information Systems SecurityEducation, Dallas, Texas, USA, June 2008
"Understanding Emerging Threats: The case of Nugache," (co-presentedwith Bruce Dang, Microsoft), SOURCE Boston conference, March 2008
Arrigo Triulzi: http://www.alchemistowl.org/arrigo/Papers/Arrigo-Triulzi-PACSEC08-Project-Maux-II.pdf
William Salusky:
Currently working on the "HTTP Sinkholing" paper/tools for project release. Assisted by Robert Danford. "Proxybot Network threats" "non-public LE centric conference, Feb 2008" (releated to "Socks v666" Honeynet project Lite paper.) "HTTP Sinkholing" "Microsoft GIAIS Summit, July 2008" "Passive Discovery of HTTP Based Malicious code" "non-public LE centric Conference, Oct 2008"
Nico Fishbach:
Estonia CERT (EE-CERT) workshop - 10/Sep/08 :"Know Your Enemy, Service Provider update" (DDoS and botnets,VoIP honeypot, SSH/MySQL honeypot (content from Einar/honeynor).
GOALS
- Firmware Honeypots
- IPv6 Honeynets
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.