Honeypots mailing list archives

New Sebek version and Know Your Enemy(KYE) paper.


From: Edward Balas <ebalas () iu edu>
Date: Mon, 15 Sep 2003 11:29:45 -0500 (EST)

Greetings,

I am happy to announce the public release of the latest version of Sebek
and a new Know Your Enemy paper describing this version of Sebek.
This new version provides improved collection and analysis
capabilities. The KYE paper details the design and usage of this system.

What is Sebek:

Sebek is the primary tool developed by the Honeynet Project for
capturing attackers' activities on a honeypot. The system consists
of a client and a server; the client runs in the kernel on the honeypot
collecting data, and the server runs remotely and analyzes the data from
the client.


What can Sebek do for me:

Sebek allows you to circumvent session encryption by capturing data
within the kernel after it has been decrypted by the system. This
allows for the capture of keystrokes even when intruders use SSH, the
recovery of files copied using SCP, and the monitoring of activity on a
host that does not correspond to network activity (such as worms, etc.).


What OSs are supported by the Client?

        - Linux 2.4.x kernels
        - Solaris 2.8, 2.9
        - Soon we will have Win32 and OpenBSD versions.


What is new in this version?

   Webpage:
        - We now have a dedicated Sebek page:
                http://www.honeynet.org/tools/sebek/

   Server:
        - Platform-independent binary packet format is now used.
        - Ability to store Sebek data in a MySQL database.
        - Web-based analysis interface.

   Linux Client:
        - Supports the new data format.
        - Revised to build more reliably on newer kernels.
        - Can now record all sys_read data.
        - Improved handling of reads with data larger than the MTU.
        - More installation options.
        
   Solaris client:
        - Supports the new data format.

Where can I get Sebek?

        http://www.honeynet.org/tools/sebek


Where can I get the KYE Paper?

        http://www.honeynet.org/papers/sebek.pdf
Thank you for your time,

Edward Balas
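The Linux client changelog above mentions improved handling of reads larger than the MTU and a platform-independent binary record format. As an added illustration that is not Sebek's own code or wire format (the header layout, field names, magic value, MTU constant and function names here are all assumptions), the following C shows one way a kernel-side collector can fragment an intercepted read() buffer into MTU-sized big-endian records, and how a server side can reassemble them, including the zero-length read and truncated-stream cases.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (assumption: NOT Sebek's real format).
 * Every field is a big-endian 32-bit integer, so the collector can parse
 * records from any client platform without knowing its byte order. */
#define REC_MAGIC   0x5EBE0001u   /* hypothetical marker */
#define HDR_LEN     28u           /* magic, pid, fd, seq, total, off, len */
#define MTU         1500u         /* assumed link MTU */
#define MAX_PAYLOAD (MTU - HDR_LEN)

static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Client side: split one intercepted read() buffer into records that each
 * fit in the MTU. Returns the record count, or 0 if `out` is too small.
 * A zero-length read still yields one empty record so the event is seen.
 * `*used` receives the number of bytes written to `out`. */
size_t split_read(uint32_t pid, uint32_t fd, uint32_t seq,
                  const uint8_t *data, uint32_t total,
                  uint8_t *out, size_t outcap, size_t *used)
{
    size_t nrec = 0, pos = 0;
    uint32_t off = 0;
    do {
        uint32_t len = total - off;
        if (len > MAX_PAYLOAD) len = MAX_PAYLOAD;
        if (pos + HDR_LEN + len > outcap) return 0;
        put32(out + pos,      REC_MAGIC); put32(out + pos + 4,  pid);
        put32(out + pos + 8,  fd);        put32(out + pos + 12, seq);
        put32(out + pos + 16, total);     put32(out + pos + 20, off);
        put32(out + pos + 24, len);
        if (len) memcpy(out + pos + HDR_LEN, data + off, len);
        pos += HDR_LEN + len; off += len; nrec++;
    } while (off < total);
    *used = pos;
    return nrec;
}

/* Server side: walk a record stream and rebuild the read tagged `seq`.
 * Returns the rebuilt length, or -1 if a record is malformed or truncated,
 * a fragment is out of bounds, or bytes of the read are missing. */
long reassemble(const uint8_t *buf, size_t n, uint32_t seq,
                uint8_t *out, size_t outcap)
{
    size_t pos = 0;
    uint32_t total = 0, got = 0;
    int seen = 0;
    while (pos + HDR_LEN <= n) {
        const uint8_t *h = buf + pos;
        uint32_t t = get32(h + 16), off = get32(h + 20), len = get32(h + 24);
        if (get32(h) != REC_MAGIC) return -1;
        if (len > n - pos - HDR_LEN) return -1;        /* truncated record */
        if (get32(h + 12) == seq) {                    /* belongs to our read */
            if (!seen) { total = t; seen = 1; }
            /* bounds checks ordered to avoid integer overflow */
            if (t != total || total > outcap || len > total || off > total - len)
                return -1;
            if (len) memcpy(out + off, h + HDR_LEN, len);
            got += len;
        }
        pos += HDR_LEN + len;
    }
    return (seen && got == total) ? (long)total : -1;
}

/* Round-trip a constructed 3000-byte read (two full fragments plus a tail),
 * a zero-length read, and a truncated stream. Returns 1 on success. */
int self_check(void)
{
    static uint8_t data[3000], wire[4096], back[3000];
    size_t used = 0, i;
    for (i = 0; i < sizeof data; i++) data[i] = (uint8_t)(i * 7 + 3);
    if (split_read(1234, 0, 1, data, 3000, wire, sizeof wire, &used) != 3) return 0;
    if (used != 3 * HDR_LEN + 3000) return 0;
    if (reassemble(wire, used, 1, back, sizeof back) != 3000) return 0;
    if (memcmp(data, back, 3000) != 0) return 0;
    if (reassemble(wire, used - 1, 1, back, sizeof back) != -1) return 0;
    if (reassemble(wire, used, 2, back, sizeof back) != -1) return 0;
    if (split_read(1234, 0, 2, data, 0, wire, sizeof wire, &used) != 1) return 0;
    if (reassemble(wire, used, 2, back, sizeof back) != 0) return 0;
    return 1;
}

int main(void) {
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

The `total` field in every fragment lets the server know when a read is complete without a separate end marker, and the `seq` tag keeps fragments of interleaved reads from different processes apart; a production collector would also have to cope with duplicated and reordered records rather than the simple byte count used here.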

