http://global.honeynet.org/gsoc/project6 Develop Hybrid Honeypot Architecture en http://global.honeynet.org/node/481 <p>Second milestone reached! Honeybrid has now all its functionalities working and it's time for testing. In order to check that everything works efficiently, I deployed a Windows honeypot to receive traffic from five /24 unused subnets during half an hour. Here are the details of this experiment.</p> <h4>Configuration</h4> <p>Here is a overall diagram of the testing architecture:</p> <p> <code> (Internet) <=====> [NATing Gateway with Honeybrid] <-------> [Windows Honeypot] </code> </p> <p>The NATing gateway was configured with the following iptables rules:</p><div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/gsoc/project6" class="og_links">GSoC Project #6 - Develop Hybrid Honeypot Architecture</a></li> </ul></div> GSoC Project #6 - Develop Hybrid Honeypot Architecture honeybrid gsoc testing Fri, 7 Aug 2009 14:26:20 -0400 robin.berthier 481 at http://global.honeynet.org http://global.honeynet.org/node/457 <p>This week I completed an important step which is to integrate a parser in Honeybrid. There are now two new files in the source code:</p><div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/gsoc/project6" class="og_links">GSoC Project #6 - Develop Hybrid Honeypot Architecture</a></li> </ul></div> GSoC Project #6 - Develop Hybrid Honeypot Architecture honeybrid gsoc parser Sat, 27 Jun 2009 15:03:32 -0400 robin.berthier 457 at http://global.honeynet.org http://global.honeynet.org/node/442 <p>TCP was built to allow 2 hosts to exchange a stream of packets reliably. Honeybrid must add a third host to this operation when it decides to investigate further a connection. The keys for this process to work are: 1) a replay process that gets the high interaction honeypot to the same state than the low interaction honeypot; and 2) a forwarding process that translates not only IP addresses but also TCP sequence and acknowledgement numbers. Here is how things work in detail:</p><div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/gsoc/project6" class="og_links">GSoC Project #6 - Develop Hybrid Honeypot Architecture</a></li> </ul></div> GSoC Project #6 - Develop Hybrid Honeypot Architecture honeybrid gsoc redirection Thu, 11 Jun 2009 22:45:11 -0400 robin.berthier 442 at http://global.honeynet.org http://global.honeynet.org/node/430 <p>The goal of this post is to introduce <a href="http://www.enre.umd.edu/~robinb/" target="_blank">myself </a>and my <a href="/gsoc/project6" target="_blank">project</a>: my name is Robin Berthier and I just got my PhD from the <a href="http://www.umd.edu" target="_blank">University of Maryland. </a>I'll be working this summer on improving <a href="http://honeybrid.sf.net" target="_blank">Honeybrid</a>, a hybrid honeypot architecture. I've been working with honeypot technologies for the past 4 years, and Honeybrid represents a central part of my dissertation. </p><div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/gsoc/project6" class="og_links">GSoC Project #6 - Develop Hybrid Honeypot Architecture</a></li> </ul></div> GSoC Project #6 - Develop Hybrid Honeypot Architecture honeybrid gsoc introduction Wed, 27 May 2009 12:52:15 -0400 robin.berthier 430 at http://global.honeynet.org