Release of Sebek version 3

From: Edward Balas (ebalas_at_iu.edu)
Date: 05/18/05

    Date: Wed, 18 May 2005 07:55:10 -0500
    To: focus-ids@securityfocus.com

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Greetings,

    The Honeynet Project and Research Alliance are excited
    to announce the availability of the first version 3
    Sebek client. This new version is compatible with the
    new Roo Honeywall / Gen III Honeynet architecture and
    includes the ability to monitor user input, identify network
    connections made by processes and record relationships between
    processes. Such abilities are integral to the new data
    analysis capabilities within the Roo Honeywall's Walleye
    data analysis interface.

    What is Sebek:

     Sebek is a kernel-based monitoring tool originally built to
     circumvent session encryption and monitor user input. It
     has been expanded to monitor other aspects of the system
     which aid in honeynet data analysis. Think of it as a
     Honeypot's black-box.

    What's New in version 3:

     Sebek version 3 clients help create a more unified view of
     host and network activity. This is accomplished with the
     addition of new monitoring techniques:

     - Process Tree Monitoring.

     - Socket tracking to relate host and network activity.

     - File Opening monitoring to identify all files opened by
       a process.

     A more in-depth discussion of the underpinnings of the GenIII
     Honeynet design and the corresponding Sebek version will be
     presented at this year's IEEE Information Assurance Workshop
     at West Point, NY on June 15-17. A draft of the paper is
     located at:

           http://www.honeynet.org/papers/individual/model.pdf

    Available Clients:

     Currently, only the Linux 2.4 client is available; others,
     such as win32 and Linux 2.6, will be available soon, we hope.

    Download:

     Linux 2.4 Client:

     http://www.honeynet.org/tools/sebek/sebek-linux-3.0.3.tar.gz

     Server:

     It is recommended that the Roo Honeywall be used as an
     analysis platform for this version of Sebek. Roo has
     Sebekd, the Hflow data fusion tool and the Walleye data
     analysis interface pre-installed. However, if you want
     to just run the collector then the following will suffice:

     http://www.honeynet.org/tools/sebek/sebekd-3.0.3.tar.gz

    Enjoy!

    Edward Balas
    Advanced Network Management Lab
    Indiana University.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFCizsulKB5oSzVKwoRAnLsAJ44nmOQmkBIyAyLxd1CYRoREVFt+wCgjiDv
    O4Tz+HYUGFUGQz0dWnCshjk=
    =Q/A9
    -----END PGP SIGNATURE-----

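The unified host-and-network view that the three new monitoring techniques make possible, as an added example that is not part of the original announcement and not Sebek's own code: a small Python script that fuses constructed process, keystroke, file-open and socket records into one process tree, so that every outbound connection can be traced back through the shell and login that produced it. The record layout, field names and sample values are invented for illustration and are not the Sebek wire format.

```python
"""Fuse constructed host-monitoring records into a single process-centric view.

Hypothetical record layout (NOT the Sebek wire format): each record is a dict
with a 'type' of 'fork', 'read', 'open' or 'socket', the 'pid', 'ppid', 'uid'
and 'comm' of the process that produced it, and a type-specific 'data' field.
"""

# Constructed sample: an SSH login spawns a shell; the shell runs 'cat' on a
# file and 'curl' to an outside host. All values are invented for illustration
# (203.0.113.0/24 is a documentation-only address range).
SAMPLE_RECORDS = [
    {"type": "fork",   "pid": 1200, "ppid": 1,    "uid": 0,    "comm": "sshd", "data": None},
    {"type": "fork",   "pid": 1201, "ppid": 1200, "uid": 1000, "comm": "bash", "data": None},
    {"type": "read",   "pid": 1201, "ppid": 1200, "uid": 1000, "comm": "bash",
     "data": "cat /etc/hostname\n"},
    {"type": "fork",   "pid": 1202, "ppid": 1201, "uid": 1000, "comm": "cat",  "data": None},
    {"type": "open",   "pid": 1202, "ppid": 1201, "uid": 1000, "comm": "cat",
     "data": "/etc/hostname"},
    {"type": "read",   "pid": 1201, "ppid": 1200, "uid": 1000, "comm": "bash",
     "data": "curl http://203.0.113.7/\n"},
    {"type": "fork",   "pid": 1203, "ppid": 1201, "uid": 1000, "comm": "curl", "data": None},
    {"type": "socket", "pid": 1203, "ppid": 1201, "uid": 1000, "comm": "curl",
     "data": ("connect", "203.0.113.7", 80)},
]


class ProcNode:
    """One process and everything the monitor attributed to it."""

    def __init__(self, pid, ppid, uid, comm):
        self.pid, self.ppid, self.uid, self.comm = pid, ppid, uid, comm
        self.children = []    # ProcNode objects whose ppid is this pid
        self.keystrokes = []  # user input read by this process
        self.files = []       # paths opened by this process
        self.sockets = []     # (operation, host, port) tuples


def build_process_tree(records):
    """Return {pid: ProcNode} with parent/child links and per-process events."""
    nodes = {}
    for rec in records:
        node = nodes.setdefault(
            rec["pid"], ProcNode(rec["pid"], rec["ppid"], rec["uid"], rec["comm"]))
        if rec["type"] == "read":
            node.keystrokes.append(rec["data"].rstrip("\n"))
        elif rec["type"] == "open":
            node.files.append(rec["data"])
        elif rec["type"] == "socket":
            node.sockets.append(rec["data"])
    # Link children to parents; a parent not seen in the capture makes a root.
    for node in nodes.values():
        parent = nodes.get(node.ppid)
        if parent is not None:
            parent.children.append(node)
    return nodes


def roots(nodes):
    """Processes whose parent was not captured (the tops of the tree)."""
    return sorted((n for n in nodes.values() if n.ppid not in nodes), key=lambda n: n.pid)


def render(node, depth=0):
    """Indented text rendering of a subtree, one list element per line."""
    pad = "  " * depth
    lines = [f"{pad}{node.comm}[{node.pid}] uid={node.uid}"]
    lines += [f"{pad}  input: {k}" for k in node.keystrokes]
    lines += [f"{pad}  open: {f}" for f in node.files]
    lines += [f"{pad}  socket: {op} {host}:{port}" for op, host, port in node.sockets]
    for child in sorted(node.children, key=lambda n: n.pid):
        lines += render(child, depth + 1)
    return lines


def network_ancestry(nodes):
    """For each socket event, the command chain from the connecting process up to its root."""
    result = []
    for node in nodes.values():
        for _op, host, port in node.sockets:
            chain, cur = [], node
            while cur is not None:
                chain.append(cur.comm)
                cur = nodes.get(cur.ppid)
            result.append((f"{host}:{port}", " <- ".join(chain)))
    return sorted(result)


if __name__ == "__main__":
    tree = build_process_tree(SAMPLE_RECORDS)
    for root in roots(tree):
        print("\n".join(render(root)))
    for endpoint, chain in network_ancestry(tree):
        print(f"{endpoint} reached by {chain}")
```

Run stand-alone, the script prints the reconstructed tree (sshd, the bash session with its two typed commands, the file cat opened, and the socket curl connected) and then one line per outbound connection naming the process chain behind it; the same joins are what let a honeywall's analysis interface attribute a network flow to a keystroke on the host.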

