Honeypots mailing list archives
No subject
From: cvasilak () freemail gr (Christos Vasilakis)
Date: Tue, 20 Apr 2004 11:47:58 +0300
Hello,

Currently I am studying computer networking and I am in the process of choosing a research topic. A friend of mine, who has worked on the "Honeynet" project before, told me about it, and for the last few days I have been reading papers and articles about Honeynet. Because I have some experience in programming, I am interested in writing a GUI front-end that will be able to analyze data captured from Honeypots, i.e. IPTables logs, tcpdump logs, and keystroke activity. As I have seen from the project web site, people often use different programs to analyze data. It would be nice if there were a tool that could combine that functionality in one program that is easy to use and more specifically oriented towards analysing Honeynet data. I know that a project called Honeynet Inspector is under development, but it wouldn't harm to have one more option. The program is going to be released under the GPL license.

My questions to the list are:

a) Because I don't have much experience (but am willing to study) using the logs, what are the patterns that can be extracted when performing analysis of the data? The questions asked during the "challenge of the month" are a good starting point, I think.
b) What do you think the basic functionality should include?
c) Any good starting points that you would like to mention?

I am thinking of using a database as a back end, so it will be more flexible to create queries. A set of standard queries will exist based on some basic functionality that must be included, and then the user will be able to add his/her own query for his/her specific analysis task.

I would be glad to hear your comments and suggestions on this.

Regards,
Christos

____________________________________________________________________
http://www.freemail.gr - free e-mail service.
http://www.freemail.gr - free email service for the Greek-speaking.
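The design sketched in the post (iptables logs loaded into a database, a set of standard queries, plus queries the analyst writes) can be tried in a few dozen lines. The following is an added example by the editor, not code from the post or from any Honeynet Project tool: it parses iptables LOG-target syslog lines into SQLite, ships three standard queries of the kind the "challenge of the month" questions call for (busiest sources, most-hit ports, ports probed by more than one source), and runs analyst-written queries on a connection locked to reads so a typed or pasted query cannot alter the captured evidence. The sample log, the "INBOUND" log prefix, the host name "gw" and all addresses are constructed for the example.

```python
"""Added example (not code from the original post): iptables LOG lines ->
SQLite, with standard honeynet queries and read-only user queries."""
import re
import sqlite3
from typing import Iterable, List, Optional, Tuple

# Constructed sample of iptables LOG-target output as a gateway's syslog
# would record it. Addresses are RFC 5737 documentation ranges; the log
# prefix "INBOUND" and host "gw" are assumptions of this example. One
# sshd line is included to show that non-LOG syslog entries are skipped.
SAMPLE_LOG = """\
Apr 20 11:47:58 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 11:47:59 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 11:48:03 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 11:48:10 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=44330 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 20 11:49:01 gw sshd[2314]: Accepted password for root from 203.0.113.5 port 44322 ssh2
Apr 20 11:52:40 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=31337 DF PROTO=TCP SPT=3076 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 20 11:52:41 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=31338 DF PROTO=TCP SPT=3077 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 20 11:52:42 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=404 TOS=0x00 PREC=0x00 TTL=112 ID=31339 PROTO=UDP SPT=1045 DPT=1434 LEN=384
Apr 20 11:55:12 gw kernel: INBOUND IN=eth0 OUT=eth1 SRC=192.0.2.77 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=5021 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

KV_RE = re.compile(r"(\w+)=(\S*)")          # KEY=value tokens of a LOG line
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")  # appear as bare tokens
TS_LEN = len("Apr 20 11:47:58")              # syslog timestamp prefix


def parse_iptables_line(line: str) -> Optional[dict]:
    """Fields of one iptables LOG line; None for any other syslog line."""
    if "kernel:" not in line or "SRC=" not in line or "PROTO=" not in line:
        return None
    f = dict(KV_RE.findall(line))
    flags = " ".join(t for t in line.split() if t in TCP_FLAGS)
    return {"ts": line[:TS_LEN], "src": f["SRC"], "dst": f["DST"],
            "proto": f["PROTO"],
            "spt": int(f["SPT"]) if "SPT" in f else None,   # absent for ICMP
            "dpt": int(f["DPT"]) if "DPT" in f else None,
            "flags": flags or None}


SCHEMA = """CREATE TABLE IF NOT EXISTS packets (
    ts TEXT, src TEXT, dst TEXT, proto TEXT,
    spt INTEGER, dpt INTEGER, flags TEXT)"""


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def load_log(conn: sqlite3.Connection, lines: Iterable[str]) -> int:
    """Store every parseable LOG line; returns the number of rows inserted."""
    rows = [p for p in map(parse_iptables_line, lines) if p is not None]
    conn.executemany("INSERT INTO packets VALUES "
                     "(:ts, :src, :dst, :proto, :spt, :dpt, :flags)", rows)
    conn.commit()
    return len(rows)


_READ_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def lock_read_only(conn: sqlite3.Connection) -> None:
    """Install an SQLite authorizer that permits only SELECT/read/function
    actions, so user-written queries cannot modify or drop the evidence."""
    conn.set_authorizer(lambda action, *_: sqlite3.SQLITE_OK
                        if action in _READ_ACTIONS else sqlite3.SQLITE_DENY)


# Standard queries shipped with the tool; the analyst adds their own via run_user_query.
STANDARD_QUERIES = {
    "top_sources": "SELECT src, COUNT(*) AS n FROM packets "
                   "GROUP BY src ORDER BY n DESC, src LIMIT :limit",
    "top_ports": "SELECT proto, dpt, COUNT(*) AS n FROM packets "
                 "WHERE dpt IS NOT NULL GROUP BY proto, dpt "
                 "ORDER BY n DESC, dpt LIMIT :limit",
    "ports_probed_by_several": "SELECT dpt, COUNT(DISTINCT src) AS sources "
                 "FROM packets WHERE dpt IS NOT NULL GROUP BY dpt "
                 "HAVING COUNT(DISTINCT src) > 1 ORDER BY sources DESC, dpt LIMIT :limit",
}


def run_standard(conn: sqlite3.Connection, name: str, limit: int = 10) -> List[Tuple]:
    return conn.execute(STANDARD_QUERIES[name], {"limit": limit}).fetchall()


def run_user_query(conn: sqlite3.Connection, sql: str) -> List[Tuple]:
    """Run a query typed by the analyst; anything the authorizer denies
    (or a second statement chained after a semicolon) is rejected."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        raise ValueError(f"query rejected: {exc}") from exc


if __name__ == "__main__":
    db = open_db()
    print(load_log(db, SAMPLE_LOG.splitlines()), "packets loaded")
    lock_read_only(db)
    for name in STANDARD_QUERIES:
        print(name, run_standard(db, name))
    print(run_user_query(db, "SELECT ts, src, flags FROM packets WHERE dpt = 22"))
```

Loading happens before the connection is locked; a real tool would either reopen the database read-only for the query window or keep a separate import connection. Keystroke logs and tcpdump captures would get their own tables with a shared timestamp column so queries can join them against the firewall view.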
Current thread:
- No subject Christos Vasilakis (Apr 20)
- Re: No subject Rick S. (Apr 20)