Current setup(s):
----------------
GenII, FreeBSD 4.6 victim server, Linux IDS/sniffer, Linux GenII bridge, bash/sh logger, honeypot remote syslog, snort-inline, snort-1.9, ACID, tcpdump, iptables, etc.

Previous setup(s):
----------------
http://www.netforensics.com/honeynet1.html
GenII, all-Linux setup, bash logger, local LKM keylogger, honeypot remote syslog, snort-inline, snort-1.9, ACID, tcpdump, iptables, etc.

Findings/developments this quarter:
----------------------------------
Honeynet developments:
-sh patch developed to log sh keystrokes on FreeBSD
-FreeBSD honeypot implemented
-analysis of multiple OpenSSL attacks
-local exploit analysis

Publications:
-upcoming paper on LinuxSecurity.com (almost done)
-GCIH certification practical based on honeynet research (to be posted)
-Chapter 4, "GenI" honeypot implementation, for the "KYE II" book

Plans for next quarter:
----------------------
-further development of *BSD deployment as victim
-FreeBSD kernel keylogger research
-OpenBSD victim (depends upon how FreeBSD will fare)
-csh shell logging patch for FreeBSD (and maybe other OSes)
-"better attackers" research following the initial document