The Honeynet Project

GSoC 2011 #8 project's goal was to add forensics features to the popular Wireshark network analyzer.

Overview

Wireshark is an open source network analyzer widely used for network debugging as well as security analysis. Wireshark provides network
analyzer with graphical interface as well as command line tools.
Wireshark also provides network protocol decoders and support filters that allow to search through packets with keywords.

GSoC plugins extend Wireshark capabilities when Wireshark is used to analyze network traffic with security and forensic in mind.

The Beta version of HoneySink is out!

What is HoneySink?

HoneySink is an open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network.

Able to be deployed both internally and externally it is designed to log and respond to incoming requests for a number of network protocols.

With configuration and scalability in mind, HoneySink was designed from the ground up with a non-blocking architecture to handle extremely large amounts of traffic while being able to perform customised interactions and logging.

By now, what I have done for Capture-HPC is:

Project Description:
Proposed Capture-HPC Description

Capture-HPC is a high-interaction client honeypot that is capable of seeking out and identifying client-side attacks. It identifies these attacks by driving a vulnerable client to open a file or interact with a potentially malicious server. As it processes the data, Capture-HPC monitors the system for unauthorized state changes that indicate a successful attack has occurred. It is regularly used in surveys of malicious websites that launch drive-by-download attacks.

Last year the Honeynet Project entered Google Summer of Code (http://socghop.appspot.com/gsoc/program/home/google/gsoc2009) for the first time. We received 9 Google funded student places and also funded 3 more places of our own, all of whom successfully completed their projects in a wide range of areas of open source security R&D. You can find out more in our Google SoC 2009 section of our website (https://www.honeynet.org/gsoc).

Hi all:
       I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
 
http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs
 
        Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.

Mid-term Report on PHoneyC GSoC project 1

    One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the signature generator: A clustering engine that groups similar attacks into classes, and a signature assembler that extracts common features and selects some of them for the actual signature.

Hi folks:

      I have done some basic shellcode and heapspray detection codes in the phoneyc's 'honeyjs' javascript engine (based on python-spidermonkey, with extra tracing and auditing works). And also I have made a presentation on the local honeynet chinese chapter last weeked. Details about my current approaches can be found on this slide: http://is.gd/J9QP

Z. Chen (Joyan)

Hello, this initial blog post is used to introduce me and to provide a brief overview of my GSoC Project.

My name is Lukas Rist (my personal blog) and I am currently studying Math and Physics at the University of Kaiserslauter in Germany. This is my first time in GSoC and I will be working with Thorsten Holz on Glastopf, a Web Application Honeypot.