Honeypots mailing list archives
Re: Information about Sebek 3??
From: Edward Balas <ebalas () iu edu>
Date: Wed, 04 Jan 2006 09:50:54 -0500
Jaime Sotelo wrote:
In sebek 3 there's no sbk_upload.pl but a sbk_diag.pl. I didn't find anything (not even the README file) which reflects this. I'm trying to use sebekd.pl to do the work.

2006/1/4, Jaime Sotelo <1jasotel () gmail com>:
> I'm looking for information about the latest version of Sebek. I've read the Sebek 2 White Paper and found it very useful. But I don't find anything about Sebek 3 apart from the README file in the sebekd server. Does someone know where I can find more info related to Sebek 3 and its features and how it works, etc?? By the way, I'm supposing that sebek 3 just doesn't change so much from the previous version 2 and perhaps it's enough for me with the sebek 2 whitepaper. Thanks
Jaime,

The only paper per se on the general topic of sebek 3 is: http://www.honeynet.org/papers/individual/hflow.pdf

This goes into how sebek 3 enables new types of data fusion/analysis. In general sebek 3 is a refinement to version 2; we have started to monitor additional system calls such as fork and socket. This allows us to recreate the process tree, which can act as an organizing structure for analysis. The monitoring of socket calls allows us to relate specific network flows to a process, and the combination of both allows us to identify related network connections.

Hope that helps,
Edward
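As an added illustration of the fork/socket fusion Edward describes (example code, not Sebek's or the Honeynet Project's own; the event records and their tuple format are constructed for this example and do not reflect Sebek's real record layout), the snippet below rebuilds a process tree from fork events, attaches socket events to the process that made them, and then groups network flows by the process subtree they belong to:

```python
# Added example: rebuild a process tree from constructed fork/socket records and
# attach network connections to the processes (and subtrees) that created them.
# The (event, pid, ppid, detail) tuple format is invented here; it is NOT Sebek's format.
from collections import defaultdict

# Constructed event log (hypothetical honeypot session): pid 1 is init.
EVENTS = [
    ("fork",   100, 1,    "sshd"),
    ("fork",   200, 100,  "bash"),
    ("fork",   201, 200,  "wget"),
    ("socket", 201, None, "10.0.0.5:44321->198.51.100.7:80"),
    ("fork",   202, 200,  "scp"),
    ("socket", 202, None, "10.0.0.5:44400->203.0.113.9:22"),
    ("fork",   300, 1,    "cron"),
    ("socket", 300, None, "10.0.0.5:44500->192.0.2.1:25"),
]

def build_tree(events):
    """Return (parent, children, flows): pid->ppid, ppid->[pid], pid->[flow]."""
    parent, children, flows = {}, defaultdict(list), defaultdict(list)
    for ev, pid, ppid, detail in events:
        if ev == "fork":
            parent[pid] = ppid
            children[ppid].append(pid)
        elif ev == "socket":
            flows[pid].append(detail)
    return parent, children, flows

def ancestry(parent, pid):
    """pid followed by its ancestors up to the root (a pid with no recorded fork)."""
    chain = [pid]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain

def related_flows(events, pid):
    """All flows opened by pid or any of its descendants (the process subtree)."""
    parent, children, flows = build_tree(events)
    out, stack = [], [pid]
    while stack:
        p = stack.pop()
        out.extend(flows.get(p, []))
        stack.extend(children.get(p, []))
    return sorted(out)

def session_groups(events):
    """Group flows by the top-level process (direct child of pid 1) above them."""
    parent, _, flows = build_tree(events)
    groups = defaultdict(list)
    for pid, fl in flows.items():
        chain = ancestry(parent, pid)
        root = chain[-2] if len(chain) >= 2 else pid   # process directly under init
        groups[root].extend(fl)
    return dict(groups)
```

With the constructed log, the two flows from the wget and scp children are tied back to the same sshd session (pid 100), while the cron-originated SMTP flow stands alone.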