Re: Honeywall CDROM version 0.68 released!!

["if0ff () softhome net" <if0ff () softhome net>]

I ran into the same problem. The sebek version on the new honeywall
seems to be a newer version (Alpha) as the one on the webpage. After I
downloaded the sbk_* binaries and perl scripts from the old honeywall cd
(0.67a) to the new one, it was possible to get sebek-data without an error.

By the way, if I enable the daily summaries, the corresponding cronjob
is not added correctly. It is remarked with an #.

Nevertheless, I appriciate the great work of the honeynet.org-guys.

Best Regards

if0ff


Sean Hoffmann wrote:
> I just loaded up the new Honeywall CDROM and I'm getting an error from
> Sebek
>
> Unexpected Sebek PDU version: 1
>
> I downloaded and re-installed the Win32 2.1.5 client from
> http://www.honeynet.org/tools/sebek/ but I'm still getting the error. 
> When I boot off the old CD 0.67b it works fine.  But I get other errors
> from the Honeywall so I don't want to run it that way.  Any help would
> be appreciated.
>
> Thanks,
> Sean
>
> Rob McMillen wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > The Honeynet Project is proud to release an update to the Honeywall CDROM
> > (version 0.68).  You can find it at:
> >
> >       http://www.honeynet.org/tools/cdrom/download.html
> >
> > This update contains a data upload mechanism to allow transporting
> > data to
> > a central data repository.  This mechanism should allow you to quickly
> > correlate and analyze data on multiple honeypots residing on different
> > networks which could lead to trend identification.  Take a look at the
> > Honeywall Upload menu item within the Honeywall Configuration menu.
> >
> > We also included the beginnings of an analysis functionality by allowing
> > the Honeywall to send a daily summary of Honeywall/Honeypot traffic.  I
> > emphasis the beginnings of an analysis functionality, because this is
> > just
> > the beginning.  We hope to have a much better analytical effort on the
> > Honeywall soon.  Baby steps ;)
> >
> > The update also includes a few security fixes:
> >    - an updated kernel (2.4.27)
> >    - updated snort and snort rules
> >    - propoliced binaries.  This attempts to stop buffer overflows:
> >       * libpcap
> >       * snort
> >       * snort_inline
> >       * openssh
> >       * zlib
> >       * openssl
> >       * iptables
> >    - minor bug fixes
> >
> > We are currently working on the next generation cdrom which will have
> > this
> > and more!  We also hope to have things such as international keyboard and
> > scsi support.
> >
> > Please feel free to send me any comments, feedback or complains you may
> > have regarding the cdrom.  If you find a bug, please report it on
> > https://bugs.honeynet.org/
> >
> > Enjoy,
> >
> > Rob McMillen
> > rob () honeynet org
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2 (Darwin)
> >
> > iD8DBQFBK+SEulH/ZGBJPj4RAuaqAJ975PWuL2xIT7agnFgDFmxGSa/ifACgkmIB
> > fVVv8r+wKkvZZd+r1leYYuY=
> > =5KJ0
> > -----END PGP SIGNATURE-----