Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

Release of Sebek version 3

From: Edward Balas <ebalas () iu edu>
Date: Wed, 18 May 2005 07:49:13 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

The Honeynet Project and Research Alliance are excited
to announce the availability of the first version 3
Sebek client.  This new version is compatible with the
new Roo Honeywall / Gen III Honeynet architecture and
includes the ability to monitor user input, identify network
connections made by processes and record relationships between
processes. Such abilities are integral to the new data
analysis capabilities within the Roo Honeywall's  Walleye
data analysis interface


What is Sebek:

 Sebek in a kernel based monitoring tool originally built to
 circumvent session encryption and monitor user input.  It
 has been expanded to monitor other aspects of the system
 which aid in honeynet data analysis.  Think of it as a
 Honeypot's black-box.

Whats New in version 3:

 Sebek version 3 clients help create a more unified view of
 host and network activity.  This is accomplished with the
 addition of new monitoring techniques:

 - Process Tree Monitoring.

 - Socket tracking to relate host and network activity.

 - File Opening monitoring to identify all files opened by
   a process.

 A more in depth discussion of underpinnings of the GenIII
 Honeynet design and the corresponding Sebek version will be
 presented at this year's IEEE Information Assurance Workshop
 at West Point, NY on June 15-17.  A draft of the paper is
 located at:

       http://www.honeynet.org/papers/individual/model.pdf


Available Clients:

 Currently, only the Linux 2.4 client is available, others
 such as win32 and Linux 2.6 will be available soon we hope.


Download:

 Linux 2.4 Client:

 http://www.honeynet.org/tools/sebek/sebek-linux-3.0.3.tar.gz



 Server:

 It is recommended that the Roo Honeywall be used as an
 analysis platform for this version of Sebek.  Roo has
 Sebekd, the Hflow data fusion tool and the Walleye data
 analysis interface pre-installed.  However if you want
 to just run the collector then the following will suffice:


 http://www.honeynet.org/tools/sebek/sebekd-3.0.3.tar.gz


Enjoy!

Edward Balas
Advanced Network Management Lab
Indiana University.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFCiznJlKB5oSzVKwoRAh/lAJ4o2pSLixHqQY8v98lF8SMhuN2XiwCgjFoO
K6h3aemB2T3VzUJSeEc5NMM=
=gRqw
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: