Old honeybird website (until mid 2009)
Hi Honeynet Project,
Our honeynet project was established in 2007, in co-operation with PISA (http://www.pisa.org.hk) and local educational institutes. Currently, there are 5 members (Alan, Daniel, Peter, Roland and Wallace) involved in this project; we use our spare time to set up and maintain the honeynet. Our objective is
1. Learn the hacker tracks involved in the attacks.
Thanks to everyone at the Honeynet Project for bringing us on board. We look forward to getting to know and communicating with each other.
Here are some words from our team members:
Peter Cheung: “My name is Peter Cheung and I started the honeynet a year ago. Interested in hacker behavior, motivation, tools and technique. I hope this project can also raise public awareness in infosec.”
Roland Cheung: “My name is Roland Cheung and I joined the honeynet a year ago. Interested in malware analysis and forensics. It is exciting to join the Honeynet Project and I hope we can share our technique and information with each other.”
Sebek captures all of the attacker's activities (keystrokes, file uploads, passwords) and then covertly sends the data to the server.
I tried to install Sebek on the Linux machine but a problem occurred at the "configure" stage; the error messages are as below:
The problem seems to be that it cannot find af_packet.c, but I had already installed the kernel-source package and also used gcc-4.x or gcc-3.x versions to compile. Under /lib/modules/2.6.11-1.1369_FC4/build/net/packet/ , I only find a Makefile. Do you know which software package includes af_packet.c, or do you have experience with a similar problem when compiling software on Linux?
A GPG key for Honeybird.hk has been generated for secure communication with other parties or organizations.
Fingerprint: 16A9 95A0 F683 6944 E912 212F A40A 13F0 C4DD 5E66
The key was generated with the open-source software Gpg4win.
This is a distributed honeynet, and we can make use of this concept to replicate the roo MySQL to our remote syslog for analysis.
Add these 2 modules to /etc/walleye/httpd.conf
Restart Apache:
Add .htaccess at /var/www/html/walleye/
(where username is the username you are testing)
To unlock the account for the above reason:
If you have simply (or also) forgotten the passwd for USERNAME:
Using 10 to 17 chars would not work.
Trying 8 and 9 chars will work fine.
Honeybird 2008 status report.
Port 80 has been the top scanned port in Honeybird since 6/Jan/2009. It took over the leading position from SQL 1433 / 1434.
Top 10 Scanned Ports:
The free version of Splunk was installed to help analyse the data.
These 2 sites explain how to add a login box for the free edition. Some more steps were added:
1. Bind Splunk to run on 127.0.0.1:8000. By default it binds to all IPs.
2. Configure Apache to listen on your IP 126.96.36.199:8000
Then follow the steps in either of these sites:
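One way to put Apache in front of the loopback-only Splunk from steps 1 and 2, as an added example and not the configuration from the referenced sites or from Honeybird. It assumes Splunk Web already listens only on 127.0.0.1:8000 and that mod_proxy, mod_proxy_http and the basic-auth modules are loaded; the address 192.0.2.10, the realm name and the password-file path are placeholders.

```apache
# Added example: Apache as an authenticating reverse proxy for Splunk Web.
# Assumption: Splunk Web is bound to 127.0.0.1:8000 only (step 1), so the
# only network path to it is through this virtual host.

# Step 2: listen on the server's own address, not on all interfaces.
# 192.0.2.10 is a placeholder; use the address Apache should expose.
Listen 192.0.2.10:8000

<VirtualHost 192.0.2.10:8000>
    # Reverse proxy only. ProxyRequests Off keeps Apache from acting as
    # an open forward proxy for arbitrary destinations.
    ProxyRequests Off
    ProxyPreserveHost On

    # Forward every request to the Splunk instance on loopback and
    # rewrite redirects coming back so they point at this host.
    ProxyPass        / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    # The login box: every proxied URL requires a valid user.
    <Location />
        AuthType Basic
        AuthName "Splunk"
        # Placeholder path, kept outside the document root.
        # Create it with: htpasswd -c /etc/httpd/splunk.htpasswd USERNAME
        AuthUserFile /etc/httpd/splunk.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```

Basic authentication sends the password only base64-encoded, so enable TLS on this virtual host if the login crosses a network you do not control. After a restart, confirm that port 8000 answers with a 401 challenge on the external address and that Splunk itself is listening on 127.0.0.1 only.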