It's time to update your Honeynet technologies toolbelt!
While the Storm Center handlers make an effort to report and disseminate information about malware and distributed threats in a timely manner as they occur, keeping our readers in tune with the beat of things, we can't *always* be at the cutting edge. If you have the capability of deploying new tools and infrastructure, you might consider extending your efforts to grow your organization's insight and visibility into the nefarious workings of the net. Provided you choose to do so, or already have such efforts underway, I suggest sharing any significant findings with us!
While this year has personally seemed a bit slow in the tools development and release arena, there has been a considerable flurry of activity in new tools and update releases in the publicly available and commonly used Honeynet tool suites. I'm suddenly having trouble keeping up my own infrastructure with building and deploying these releases. Here are a few of the recent significant updates.
- The Python-based honeysnap client is making a fresh debut at v1.0.1 and offers some reasonably nice post-processing and text-based reporting on packet captures. The Honeysnap tool can be used standalone outside of a Honeynet environment or blends nicely with any pre-existing Honeywall deployments. I 'like' it.
- A favorite is the Nepenthes malware collector that grew up with mwcollect, and after combined efforts this year we've been bestowed with the recent point release of v.20.
- While the Honeywall has not released updates lately, there has been some significant development effort exerted this year within the project. I'm personally hoping the next generation makes a public release very soon.
- There has not been any fanfare lately, but there has been some motion in the Mitre Honeyclient project. Honeyclient code has been made available for download, and a fair amount of documentation is published in the project wiki.
- Of note, but with no insight into why it may have occurred, the Mitre honeyclient project has just recently migrated away from the mitre.org domain to new hosting.
- You should really consider deploying this type of technology if you'd like to 'literally' drive your browser crazy. Go find some new badness and make sure to report back on your findings.
And then there's your flow data
A Human Honeyclient
Nov 28th 2006