| Subject: | Release of Sebek version 3 |
|---|---|
| Date: | Wed, 18 May 2005 07:55:10 -0500 |

Greetings,

The Honeynet Project and Research Alliance are excited
to announce the availability of the first version 3
Sebek client. This new version is compatible with the
new Roo Honeywall / Gen III Honeynet architecture and
includes the ability to monitor user input, identify network
connections made by processes and record relationships between
processes. Such abilities are integral to the new data
analysis capabilities within the Roo Honeywall's Walleye
data analysis interface.

What is Sebek:

Sebek is a kernel-based monitoring tool originally built to
circumvent session encryption and monitor user input. It
has been expanded to monitor other aspects of the system
which aid in honeynet data analysis. Think of it as a
Honeypot's black-box.

What's New in version 3:

Sebek version 3 clients help create a more unified view of
host and network activity. This is accomplished with the
addition of new monitoring techniques:

- Process Tree Monitoring.
- Socket tracking to relate host and network activity.
- File Opening monitoring to identify all files opened by
  a process.

A more in-depth discussion of the underpinnings of the GenIII
Honeynet design and the corresponding Sebek version will be
presented at this year's IEEE Information Assurance Workshop
at West Point, NY on June 15-17. A draft of the paper is
located at:

http://www.honeynet.org/papers/individual/model.pdf

Available Clients:

Currently, only the Linux 2.4 client is available; others
such as win32 and Linux 2.6 will be available soon, we hope.

Download:

Linux 2.4 Client:
http://www.honeynet.org/tools/sebek/sebek-linux-3.0.3.tar.gz

Server:
It is recommended that the Roo Honeywall be used as an
analysis platform for this version of Sebek. Roo has
Sebekd, the Hflow data fusion tool and the Walleye data
analysis interface pre-installed. However, if you want
to just run the collector then the following will suffice:
http://www.honeynet.org/tools/sebek/sebekd-3.0.3.tar.gz

Enjoy!

Edward Balas
Advanced Network Management Lab
Indiana University.