Honeypots mailing list archives
Release of Sebek version 3
From: Edward Balas <ebalas () iu edu>
Date: Wed, 18 May 2005 07:49:13 -0500
Greetings,

The Honeynet Project and Research Alliance are excited to announce the availability of the first version 3 Sebek client. This new version is compatible with the new Roo Honeywall / Gen III Honeynet architecture and includes the ability to monitor user input, identify network connections made by processes and record relationships between processes. Such abilities are integral to the new data analysis capabilities within the Roo Honeywall's Walleye data analysis interface.

What is Sebek:

Sebek is a kernel based monitoring tool originally built to circumvent session encryption and monitor user input. It has been expanded to monitor other aspects of the system which aid in honeynet data analysis. Think of it as a Honeypot's black-box.

What's New in version 3:

Sebek version 3 clients help create a more unified view of host and network activity. This is accomplished with the addition of new monitoring techniques:
- Process Tree Monitoring.
- Socket tracking to relate host and network activity.
- File Opening monitoring to identify all files opened by a process.

A more in-depth discussion of the underpinnings of the GenIII Honeynet design and the corresponding Sebek version will be presented at this year's IEEE Information Assurance Workshop at West Point, NY on June 15-17. A draft of the paper is located at:
http://www.honeynet.org/papers/individual/model.pdf

Available Clients:

Currently, only the Linux 2.4 client is available; others such as win32 and Linux 2.6 will be available soon, we hope.

Download:

Linux 2.4 Client: http://www.honeynet.org/tools/sebek/sebek-linux-3.0.3.tar.gz

Server:

It is recommended that the Roo Honeywall be used as an analysis platform for this version of Sebek. Roo has Sebekd, the Hflow data fusion tool and the Walleye data analysis interface pre-installed.
However, if you want to just run the collector then the following will suffice:
http://www.honeynet.org/tools/sebek/sebekd-3.0.3.tar.gz

Enjoy!

Edward Balas
Advanced Network Management Lab
Indiana University.