Honeypots mailing list archives
RE: results of the first honeyd challenge (dynamic honeynet?)
From: "Compton, Rich" <RCompton () chartercom com>
Date: Mon, 31 Mar 2003 00:09:30 -0600
Reading all of the great entries from the honeyd challenge gave me an idea for a dynamic honeynet. The problem that I have implementing a honeypot is that it takes up IPs. I have to reconfigure the honeypot as soon as I need one of those IPs that's assigned on the honeypot. Wouldn't it be nice to have a honeynet that looks for IPs in a subnet that are not used (maybe by trying to ping them) and then creates a honeynet for just those IPs? The honeypot could then see when one of those IPs is being used and remove it from its configuration.

I'm not sure how it would identify IPs being used when an IP gets statically assigned (maybe thru arp?) but I've got an idea on how to identify when IPs are in use in an environment with dhcp. The honeypot could be running snort and be looking for bootp messages from the dhcp server. When snort sees a dhcp offer for a particular IP it could log it and then something like logwatch could fire off a script to reconfigure honeyd with a modified config file removing that IP. In this way, the honeynet could dynamically grow or contract based on the supply of unused IPs. Maybe this could also work with the labrea tarpit?

Any thoughts?

-Rich Compton

-----Original Message-----
From: Niels Provos
To: honeypots () securityfocus com
Sent: 3/22/2003 1:58 PM
Subject: results of the first honeyd challenge

On February 17th, we announced the first Honeyd challenge and asked the community to improve Honeyd by creating useful feature additions. One month later we received eight submissions which were evaluated by the judges during the last week.

While eight submissions is a small number compared to the challenges of the Honeynet Project, we were still impressed by the novelty of the solutions and the amount of time that the contestants put into the Honeyd Challenge.

The best submissions included a pattern detection engine for the network traffic passing through Honeyd and a tool that builds random, realistic Honeyd configuration files. We also received submissions for a graphical user interface, a port of Honeyd to Windows and many more.

You can find the results of the challenge at

http://www.citi.umich.edu/u/provos/honeyd/ch01-results/

Once again, I would like to thank everybody who participated in the challenge. As a result of this challenge, the community has received several new service emulations, new configuration tools and many novel ideas on how to use Honeyd.

Sincerely
Niels Provos.
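The reconfiguration step proposed in the message above, sketched as an added example (not code from this thread or from the Honeyd project): it keeps a set of addresses known to be in use and regenerates a Honeyd config that binds a decoy template only to the remaining addresses. The template name `decoy`, the `(kind, ip)` event tuples, the `release` event and the sample addresses are assumptions; how the events are extracted from Snort or ARP monitoring and how Honeyd is reloaded are left out.

```python
import ipaddress

TEMPLATE = "decoy"  # hypothetical template name

def free_addresses(subnet, in_use):
    """Host addresses of `subnet` that nobody is known to be using."""
    used = {ipaddress.ip_address(a) for a in in_use}
    return [h for h in ipaddress.ip_network(subnet).hosts() if h not in used]

def render_config(subnet, in_use):
    """Honeyd config text binding the template to every unused address."""
    lines = [
        f"create {TEMPLATE}",
        f"set {TEMPLATE} default tcp action reset",
        f"add {TEMPLATE} tcp port 80 open",
    ]
    lines += [f"bind {ip} {TEMPLATE}" for ip in free_addresses(subnet, in_use)]
    return "\n".join(lines) + "\n"

def apply_events(in_use, events):
    """Update `in_use` from (kind, ip) events; True means a rewrite is needed.

    'offer' and 'arp-seen' shrink the honeynet; 'release' (an assumption,
    not in the message) lets it grow again.
    """
    changed = False
    for kind, raw in events:
        ip = str(ipaddress.ip_address(raw))  # normalise and validate
        if kind in ("offer", "arp-seen") and ip not in in_use:
            in_use.add(ip)
            changed = True
        elif kind == "release" and ip in in_use:
            in_use.discard(ip)
            changed = True
    return changed

if __name__ == "__main__":
    subnet = "192.168.1.0/29"               # constructed sample subnet
    used = {"192.168.1.1", "192.168.1.2"}   # e.g. found by an initial ping sweep
    print(render_config(subnet, used))
    # Constructed events: a DHCP offer takes .4, a lease on .2 is released.
    if apply_events(used, [("offer", "192.168.1.4"), ("release", "192.168.1.2")]):
        print(render_config(subnet, used))
```

Only a change to the in-use set triggers a rewrite, so repeated offers for the same address do not restart the honeypot.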