Embed Size (px)
Citation preview
NACS - March 2012
THP: Tunisian Honeynet Project « Saher-Honeynet »
Speaker: Hafidh EL FALEH
Perimeter of the project
The NACS is member of :
A CSIRT is a team that responds to computer security incidents by providing all necessary services to solve the problem(s) or to support the resolution of them
CERT/CSIRT Services
ISAC: Information Sharing and Analysis Center
CEWS Architecture
ISAC: Information Sharing and Analysis Center
Honeywall
2005 2006 2007 2008 2009 2010 2011
THP: Project Histogram
Tools used in the current configuration
2500 Public IP
2009-2010Annually evolution of attacks
2010-2011Annually evolution of attacks
Saher-Honeynet Website: Online statisticswww.honeynet.tn
Saher-Honeynet Website: « Dashboard »www.honeynet.tn/dashboard
Ideas For GSoc 2012
IP Reputation Dadabase Designing and specifying a tool to interface with a lot of
honeypot tools (dionaea, glastopf, kippo ..) and provide an update database to cheeck a reputation of any IP address related with her historic logs.
Provide an web access (web services) to this tool , automatic getting Ip source and providing information related her reputation historic and sending necessary instructions for cleanning process.
Ideas For GSoc 2012
Black-List Generator Create an updated list for malicious domains and
hosts from malwares offred. Select Profile of equipments to generate ACL
(Firewall, IDS/IPS, Proxy ..) . Designing and specifying techniques for black-list
tool. Online sharing of black-list.
ISP 1
IDS
ISP 2
IDSISP 3
IDS
Extract List ofMalicious Domains
Update D-IDS Rules
Watch for logs
1
2
3 Save passive DNS Detection
THANKShttp://www.honeynet.tn
[email protected]@gmail.com
http://twitter.com/SaherHoneyNet
http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter
