Honeypots
mailing list archives
No subject
From: cvasilak () freemail gr (Christos Vasilakis)
Date: Tue, 20 Apr 2004 11:47:58 +0300
Hello,
Currently I am studying computer networking and I am in the process of choosing a research topic. A friend of mine, who
has worked on the "Honeynet" project before, told me about it, and for the last few days I have been reading papers and
articles about Honeynet.
Because I have some programming experience, I am interested in writing a GUI front-end that will be able to
analyze data captured from Honeypots, i.e. IPTables logs, tcpdump logs, and keystroke activity. As I have seen from the
project web site, people often use different programs to analyze data. It would be nice if there was a tool that could
combine this functionality in one program that is easy to use and more specifically oriented towards analysing
Honeynet data.
I know that a project called Honeynet Inspector is under development, but one more option wouldn't hurt. The program
is going to be released under the GPL license.
My questions to the list are:
a) Because I don't have any experience (but am willing to study) using the logs, what are the patterns that can be
extracted when performing analysis of the data? The questions asked during the "challenge of the month" are a good
starting point, I think.
c) What do you think the basic functionality should include?
d) Any good starting points that you would like to mention?
I am thinking of using a database as a back end, so it will be more flexible to create queries. A set of standard
queries will exist based on some basic functionality that must be included, and then the user will be able to add
his/her own query for his/her specific analysis task.
I would be glad to hear your comments and suggestions on this.
Regards,
Christos
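
One way the database back end with standard and user-defined queries described in the message could look, as an added example that is not part of the original post: Python with SQLite, run over constructed iptables LOG lines. The table layout, query names, function names and the honeypot address 10.0.0.5 are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample lines in iptables LOG format (not real capture data).
# 10.0.0.5 is the assumed honeypot address.
SAMPLE_LOG = """\
Apr 20 11:02:13 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=40001 DPT=22
Apr 20 11:02:14 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=40002 DPT=23
Apr 20 11:02:15 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=40003 DPT=80
Apr 20 11:05:40 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 PROTO=ICMP TYPE=8 CODE=0
Apr 20 11:30:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=1025 DPT=6667
"""

# Standard queries shipped with the tool; users register more with add_query().
QUERIES = {
    "top_sources": "SELECT src, COUNT(*) FROM packets GROUP BY src ORDER BY 2 DESC, src",
    "ports_per_source": "SELECT src, COUNT(DISTINCT dpt) FROM packets "
                        "WHERE dpt IS NOT NULL GROUP BY src ORDER BY 2 DESC, src",
    # Traffic leaving the honeypot: it should never initiate connections itself.
    "outbound": "SELECT ts, dst, dpt FROM packets WHERE src = ? ORDER BY rowid",
}

def load(log_text):
    """Parse KEY=VALUE fields from each LOG line into an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packets (ts TEXT, src TEXT, dst TEXT, proto TEXT, spt INT, dpt INT)")
    for line in log_text.splitlines():
        f = dict(re.findall(r"(\w+)=(\S*)", line))
        if "SRC" not in f:  # not a packet log line
            continue
        db.execute("INSERT INTO packets VALUES (?,?,?,?,?,?)",
                   (line[:15], f["SRC"], f["DST"], f.get("PROTO"), f.get("SPT"), f.get("DPT")))
    db.commit()
    db.execute("PRAGMA query_only = ON")  # user queries cannot alter captured data
    return db

def add_query(name, sql):
    """Register a user-defined query next to the standard ones."""
    QUERIES[name] = sql

def run_query(db, name, params=()):
    return db.execute(QUERIES[name], params).fetchall()

if __name__ == "__main__":
    db = load(SAMPLE_LOG)
    add_query("by_proto", "SELECT proto, COUNT(*) FROM packets GROUP BY proto ORDER BY proto")
    for name in QUERIES:
        print(name, run_query(db, name, ("10.0.0.5",) if name == "outbound" else ()))
```
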