<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-8254418</id><updated>2012-02-16T10:37:23.081-08:00</updated><title type='text'>The Distributed Honeynet Project</title><subtitle type='html'></subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://thedhp.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Andrew Lamb</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>11</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-8254418.post-5010453097898420471</id><published>2006-12-10T04:00:00.000-08:00</published><updated>2006-12-10T04:06:53.655-08:00</updated><title type='text'>The DHP closes its doors</title><content type='html'>Unfortunately all good things must come to an end. With reluctance I am officially decommissioning the Distributed Honeypot Project. We had a great run over these past five years but I have shifted priorities in my life and now it's time to move on.&lt;br /&gt;&lt;br /&gt;The research we have done will remain accessible at this site. 
If you'd like to see some of the other projects I am working on, please visit &lt;a href="http://www.andrewlamb.org"&gt;http://www.andrewlamb.org&lt;/a&gt; or &lt;a href="http://www.lucidic.net"&gt;http://www.lucidic.net&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;Again, thanks to everyone who participated and made this a truly enjoyable journey.&lt;br /&gt;&lt;br /&gt;To new times,&lt;br /&gt;Andrew Lamb</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/5010453097898420471'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/5010453097898420471'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2006_12_01_archive.html#5010453097898420471' title='The DHP closes its doors'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-114179466143457619</id><published>2006-03-07T21:08:00.000-08:00</published><updated>2006-03-07T21:25:10.866-08:00</updated><title type='text'>Survey of Trends in Honeypot Technology Users</title><content type='html'>&lt;p class="MsoNormal"&gt;&lt;span style="font-family:Arial;"&gt;As honeypot and honeynet technologies continue to mature, it is important for the security community to understand what honeypot users' needs are, and what level of ability they have with the technologies. When the security community understands these needs and abilities, it can better deliver new technology and service solutions to honeypot users. 
A survey was conducted among the &lt;a href="http://www.securityfocus.com/"&gt;SecurityFocus.com&lt;/a&gt; Honeypot mailing list to ascertain the level of expertise in several honeypot technologies and the types of technologies that were being used “out in the field”. The results show that most users are interested in new bleeding-edge technologies, and that they run a few honeypots to mimic production systems for their own personal interest to see what kind of malicious traffic may be entering their network(s).&lt;/span&gt;&lt;/p&gt;</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/114179466143457619'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/114179466143457619'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2006_03_01_archive.html#114179466143457619' title='Survey of Trends in Honeypot Technology Users'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113045285398156483</id><published>2005-10-27T15:39:00.000-07:00</published><updated>2005-10-27T15:40:53.983-07:00</updated><title type='text'>Lucidic.net, the Distributed Honeypot Project, announces a site redesign</title><content type='html'>Hello,&lt;br /&gt;&lt;br /&gt;Our site is currently being renovated. 
Please view previous news entries for links to our research papers.&lt;br /&gt;&lt;br /&gt;Thank you,&lt;br /&gt;&lt;br /&gt;Project Coordinator&lt;br /&gt;Andrew Lamb</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113045285398156483'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113045285398156483'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2005_10_01_archive.html#113045285398156483' title='Lucidic.net, the Distributed Honeypot Project, announces a site redesign'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113060515773103117</id><published>2004-04-30T21:00:00.000-07:00</published><updated>2005-10-29T09:59:17.733-07:00</updated><title type='text'>Creating Virtual Honeynets with Connectix Virtual PC 5.2</title><content type='html'>As network and host-based security becomes more of an interest and concern for organizations, researchers and businesspeople alike are looking for effective network security solutions. One solution that has gained a substantial amount of attention in the last half-decade is the synthesis of virtual machine technology with the data collection and containment techniques seen in honeypots. This paper's aim is to continue the development of these two technologies by showcasing a specific software solution adapted to the use of honeypotting. 
This paper discusses the use and feasibility of Connectix's Virtual PC 5.2 virtual machine software as a network intrusion detection and analysis honeynet.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060515773103117'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060515773103117'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2004_04_01_archive.html#113060515773103117' title='Creating Virtual Honeynets with Connectix Virtual PC 5.2'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113060507134624960</id><published>2003-01-31T21:00:00.000-08:00</published><updated>2005-10-29T09:57:51.346-07:00</updated><title type='text'>Basic Methods of Allowing Access to Your Honeynet</title><content type='html'>"So you want to run a honeynet, but you're not sure where to start. One of the first things you have to decide before you can really do anything is what method of access will you be allowing hackers to use to reach your honeypot. This may seem like nothing important but in fact it plays a huge role in dictating what types of hackers will take the bait and what types of things they will be able to do after they've broken in. One of the difficulties of running a honeynet is you can't dictate ahead of time exactly who will hack you, what their skill level will be, and what they will do once they get in (after all, the fun part is not knowing these things and then figuring them out as they happen). 
However, by choosing the correct method of honeypot access you want to provide (which is covered in this paper), you will be able to have some influence over who hacks you and what they will be able to do. Think of it as using the right bait for the right fish." - Michael Anuzis</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060507134624960'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060507134624960'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2003_01_01_archive.html#113060507134624960' title='Basic Methods of Allowing Access to Your Honeynet'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113060494901151336</id><published>2002-06-30T21:00:00.000-07:00</published><updated>2005-10-29T09:56:52.356-07:00</updated><title type='text'>Incident Analysis of Compromised OpenBSD 3.0 Honeypot</title><content type='html'>"This was the first honeypot I've ever decided to run. I had long drawn out &lt;a href="http://www.blogger.com/whitepapers/manuzis-7-5-2002-5.jpg"&gt;plans&lt;/a&gt; for implementing the perfect honeynet, but sadly some of the hardware that was donated to me at the time was given in non-working condition so I wasn't able to implement the honeynet of my dreams. It seems likely there would be other people out there interested in running a sophisticated honeynet, but who lack all the desired equipment and so they think it cannot be done. This paper has been written to show you otherwise!" 
- Michael Anuzis</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060494901151336'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060494901151336'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2002_06_01_archive.html#113060494901151336' title='Incident Analysis of Compromised OpenBSD 3.0 Honeypot'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113060394594992084</id><published>2002-03-31T21:00:00.003-08:00</published><updated>2005-10-29T09:39:05.950-07:00</updated><title type='text'>Babysteps With A Honeypot</title><content type='html'>"This document describes the build and running of my first honeypot. It was based heavily on the work done by Lance Spitzner and his colleagues of the &lt;a href="http://www.honeynet.org"&gt;HoneyNet project&lt;/a&gt;. The aim of my first deployment was to start gaining some experience in the handling of honeypot technologies, rather than concentrate on actual hacker activity." 
- Mark Cooper</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060394594992084'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060394594992084'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2002_03_01_archive.html#113060394594992084' title='Babysteps With A Honeypot'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113060382635276800</id><published>2002-03-31T21:00:00.002-08:00</published><updated>2005-10-29T09:40:45.476-07:00</updated><title type='text'>Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot</title><content type='html'>"This was the fourth &lt;a href="http://www.blogger.com/whitepapers/sholcroft-4-2002.html"&gt;honeypot&lt;/a&gt; system I had put into production, my honeypot had been offline for a couple weeks prior to this incident while I made a few changes to the way syslog worked and installed a bash keystroke logger. If you want to learn more details on how I set-up my honeypot then please read my &lt;a href="http://www.blogger.com/sholcroft-4-2002.html"&gt;paper&lt;/a&gt; describing my particular method of implementation." 
- Stephen Holcroft</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060382635276800'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060382635276800'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2002_03_01_archive.html#113060382635276800' title='Incident Analysis of a Compromised RedHat Linux 6.2 Honeypot'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113060368029480471</id><published>2002-03-31T21:00:00.001-08:00</published><updated>2006-01-10T11:33:37.270-08:00</updated><title type='text'>Design Of A Default Redhat Server 6.2 Honeypot</title><content type='html'>"The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems. The methods used are similar to the methods used by the &lt;a href="http://www.honeynet.org"&gt;Honeynet Project&lt;/a&gt;." 
- Stephen Holcroft</content><link rel='related' href='http://www.rit.edu/~arl7969/whitepapers/sholcroft-4-2002.html' title='Design Of A Default Redhat Server 6.2 Honeypot'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060368029480471'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113060368029480471'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2002_03_01_archive.html#113060368029480471' title='Design Of A Default Redhat Server 6.2 Honeypot'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113045352868968191</id><published>2002-02-28T21:00:00.000-08:00</published><updated>2005-10-27T15:52:08.690-07:00</updated><title type='text'>Proof-of-Concept for Amalgamated Honeynets</title><content type='html'>Imagine having the ability to deploy an entire honeynet system on a single machine, complete with data control and data capture. This paper outlines a proof of concept showing that such a system is possible. 
The design and configuration of the system are provided, along with a discussion of other potential solutions.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113045352868968191'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113045352868968191'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2002_02_01_archive.html#113045352868968191' title='Proof-of-Concept for Amalgamated Honeynets'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-8254418.post-113045336271272461</id><published>2001-11-30T21:00:00.000-08:00</published><updated>2005-10-27T15:50:01.200-07:00</updated><title type='text'>Incident Analysis of a Compromised NT Honeypot</title><content type='html'>This paper is an account of my first experience with designing a honeypot system. 
My selected audience for this whitepaper is computer security enthusiasts with a working knowledge of basic Internet protocols as well as NT functionality.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113045336271272461'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8254418/posts/default/113045336271272461'/><link rel='alternate' type='text/html' href='http://thedhp.blogspot.com/2001_11_01_archive.html#113045336271272461' title='Incident Analysis of a Compromised NT Honeypot'/><author><name>Andrew</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='http://img2.blogblog.com/img/b16-rounded.gif'/></author></entry></feed>
