### Spanish Honeynet Project (SHP) ###
Status report for April 2006 - March 2007

1.0 DEPLOYMENTS
=================

1.1 Current technologies deployed. Describe anything that you have deployed that is collecting information, including honeynets, client honeypots, honeyd, mwcollect, or anything else honeypot related.

We have not deployed any new honeynet during this period. We have, however, made changes to the currently deployed honeypots and suffered changes to the whole infrastructure.

The current SHP honeynet infrastructures are in a migration process. We are looking for a better network location and to add new honeynets/pots.

2.0 FINDINGS
=============

2.1 Highlight any unique findings, attacks, tools, or methods.

We have not seen any unique attacks on the honeypots.

2.2 Any trends seen in the past six months.

Due to technical problems, we were forced to stop all activities in our honeypot dedicated to gathering spam information. Unfortunately, at this time we still do not have enough data to work on a KYE Spammers paper. We hope to complete this job by implementing a similar honeypot during the coming months.

3.0 LESSONS LEARNED
===================

3.1 What new positive things can you share with the community, so they can replicate your success?

3.2 What new mistakes can you share with the community, so they don't make the same mistakes?

3.3 Are there any research ideas you would like to see developed?

4.0 TECHNOLOGY
=======================

4.1 What tools or functionality are we lacking, what do we need to work on?

There is a lack of Honeynet technologies for wireless networks (WiFi, Bluetooth...).

4.2 What new tools or technology are you working on?

The SHP is very interested in wireless Honeynet technologies. We've started to deploy a very basic prototype to test the collection and analysis of WiFi traffic and attacks.

4.3 Would you like to integrate this with any other tools, or are you looking for help or collaboration with others in testing or developing the tool?

5.0 PAPERS AND PRESENTATIONS
============================

5.1 Are you working on any papers to be published, such as KYE or academic papers?

The SHP members have actively contributed to the Alliance KYE mailing-list, reviewing papers, new document templates and other activities related to the publication of more KYE papers by the project. See details on item 5.3.

5.2 Are you looking for any data or people to help with your papers?

5.3 Where did you publish/present honeypot-related material?

- "Honeynets". CAPDESI/DISI - Madrid, Spain - November 06.
  http://www.capsdesi.upm.es/file.php/1/descargas/ProgramaFinal_Congreso_CAPSDESI_2006.pdf
- "Honeynets, Know Your Enemy". SANS Dubai 2007 - Dubai, UAE - March 07.
- "Honeynets, conoce a tu enemigo". V Foro de seguridad RedIRIS - Tenerife, Spain - April 07
  http://www.rediris.es/cert/doc/reuniones/fs2007/

6.0 ORGANIZATIONAL
==================

6.1 Changes in the structure of your organization.

The SHP has suffered several organizational changes during the last year. Since it was founded, the maximum number of members ever was 7. Currently, there are 4 stable team members. The SHP wants to make the organization grow, so new members could be added in the coming months.

6.2 Your feedback on Alliance activities.

6.3 Any suggestions for improving the Alliance?

The SHP is actively voting on the design and re-organization topics that are driving the future of the Alliance.

7.0 GOALS
=========

7.1 Which of your goals did you meet for the last six months?

The Spanish Honeynet Project (SHP) is currently involved in extending the organization and making the team grow. The main goal is to increase the organization's IT infrastructure, although adding new team members is also an option. With this goal in mind, we have promoted Honeynet technologies and the Honeynet Alliance in Spain, nation-wide.

An interview with the whole team about the technologies, the past activities, the Research Alliance and the future of the SHP team was conducted on March 29, 2007 by "El Pais", the Spanish newspaper with the largest print run:
http://www.elpais.com/articulo/portada/Trampas/Red/espian/delincuencia/cibernetica/descubrir/metodos/elpeputeccib/20070329elpcibpor_1/Tes

7.2 Which of your goals did you not meet for the last six months?

7.3 Goals for the next six months

The Spanish Honeynet Project is considering getting involved with The Global Distributed Honeynet with a new node in Spain (likely in Madrid).

We are working on the implementation of a Honeynet closely related to wireless technologies.

8.0 MISC ACTIVITIES
====================

8.1 Anything else not covered you would like to share.

A new update to the SANS Honeynet course is in progress; it will be a 1-day course. The new version will be based on the upcoming Roo version 1.2.