Global Chapter Status Report For 2008

 
ORGANIZATION 

  1. Effective February 1, 2009, William Salusky is the new chapter lead.
  2. This year was the initial year of the Global Chapter.  The chapter was created in order to include members who are geographically dispersed and have no chapter in their immediate area.  Because of this, members are involved with parts or teams of the Honeynet Project that are not particular to any focus or goal of a chapter as a whole.  The current Global Chapter members are:
  • Ed Balas
  • David Dittrich
  • Fyodor
  • Nico Fishbach
  • Jed Haile
  • Ralph Logan
  • Patrick Mccarty
  • Jeff Nathan
  • William Salusky (new chapter lead)
  • Earl Sammons
  • Robert Stone
  • Arrigo Triulzi

DEPLOYMENTS

  1. The Global Chapter currently has no deployments as a group.  The members are participating in other development efforts.

RESEARCH AND DEVELOPMENT

Arrigo Triulzi: 

Patrick Mccarty:
 

  • Maintenance of Linux SEBEK: checked in several patches to fix compile-time warnings; fixed bug to allow compile on kernels >= 2.6.24

 
Earl Sammons:
 

  • Helped move the Honeywall yum repo from old www to new www

 
William Salusky:
 

  • Assistance in finalizing sinkhole/tools development for release would be the bomb diggity.

 
PAPERS AND PRESENTATIONS
David Dittrich:

  • P2P as botnet command and control: a deeper insight, by David Dittrich and Sven Dietrich, in Proceedings of the 2008 3rd International Conference on Malicious and Unwanted Software (Malware), October 2008 ("Best Paper" award winner) http://staff.washington.edu/dittrich/misc/malware08-dd-final.pdf
  • New Directions in Peer-to-Peer Malware, by Dave Dittrich and Sven Dietrich, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5 http://staff.washington.edu/dittrich/misc/sarnoff08-dd.pdf
  • On Developing Tomorrow's "Cyber Warriors," by David Dittrich, in Proceedings of the 12th Colloquium for Information Systems Security Education, Dallas, Texas, USA, June 2008
  • "Understanding Emerging Threats: The case of Nugache," (co-presented with Bruce Dang, Microsoft), SOURCE Boston conference, March 2008

Arrigo Triulzi:  http://www.alchemistowl.org/arrigo/Papers/Arrigo-Triulzi-PACSEC08-Project-Maux-II.pdf
William Salusky:

  • Currently working on the "HTTP Sinkholing" paper/tools for project release.  Assisted by Robert Danford.
  • "Proxybot Network threats", non-public LE centric conference, Feb 2008 (related to "Socks v666" Honeynet project Lite paper)
  • "HTTP Sinkholing", Microsoft GIAIS Summit, July 2008
  • "Passive Discovery of HTTP Based Malicious code", non-public LE centric Conference, Oct 2008
 
Nico Fishbach:
  • Estonia CERT (EE-CERT) workshop, 10/Sep/08: "Know Your Enemy, Service Provider update" (DDoS and botnets, VoIP honeypot, SSH/MySQL honeypot; content from Einar/honeynor)

GOALS

  1. Firmware Honeypots
  2. IPv6 Honeynets