Anton Chuvakin Honeynet

(run as a part of the Honeynet Research Alliance)
Shut down as of 12/06/2005

Some of the raw data from this research is shared here

Goals of the project

Progress of the Project

One honeynet has been deployed since March 2002. Here are some of the findings we made and things we learned:
  • Quarterly report for IV 2002
  • Quarterly report for I 2003
  • Quarterly report for II 2003
  • Quarterly report for III 2003
  • Quarterly report for IV 2003
  • Bi-annual report for 1/2 2004
  • Bi-annual report for 2/2 2004 [03/28/2005]
  • Honeynet Architecture

The initial setup includes 3 servers on a separate high-speed connection. The network topology diagram is shown below:

  • Victim server (Linux, *BSD). The server runs www-apache/mail-sendmail/pop3/imapd/ftp/ssh-openssh/nfs/ntp/other services.
  • Firewall (using a modified Honeynet Project iptables script, remotely managed via ssh, logs forwarded to machine 3).
  • IDS and analysis machine (Snort NIDS, Snort Spade, Bro NIDS, Argus, tcpdump, ipaudit, Shadow NIDS collector for IDABench, Honeynet Research Alliance compliant logging, mysql database, ACID, ssh for management, SIM agent; protected by a host-based iptables firewall from all accesses with the exception of the analyst workstation [see picture]).
  • Data control, system management, alerting and information storing are to be implemented in strict compliance with the Honeynet Definitions, Requirements, and Standards document.

Some honeynet research results

Live Honeynet Status Data

STATUS: shut down

Papers describing my recent honeynet research and data analysis

Presentations describing my recent honeynet research and data analysis

My honeynet tools

About the project

This honeynet is run by Dr. Anton Chuvakin, as a part of the Honeynet Research Alliance. My PGP key can be found here.

Last modified: Wed May 25 11:59:50 Eastern Standard Time 2010