Welcome to the ACM-OU HoneyNet Project website

NOTE: Previously password protected materials are now made public, the network configuration changed so much that secrecy is no longer needed. Please email (dvmartyn - at - oakland ~d~ot~ edu) if you have any questions or want to join the project.

Experiments
Reports are availible in pdf and doc formats. Packet captures are in pcap format and are only availible to Project members. Please read the pcap README's before looking at the captures so you know what's going on.

Experiment 3: Creating an intruder profile. In progress.
Update September 2006 - Experiment has been resumed.

Experiment 2: Observing a Linux system intrusion and analyzing the attacker actions. Experiment 3 builds on the progress of this one, so the report is password protected for now. More details soon.
Report

Filtered Packet Capture

[readme]
Captured Attacker Command History Clean [ txt ] Raw [ txt ]
Packet Capture of the SSH bruteforce attack (2.5MB compressed .rar format) [ rar

]
sshd_log.txt (see report for details) [ txt ]
exp2_tcp_alerts.txt (see report for details) [ txt ]

Experiment 1: Observing a fresh, unpatched, and unprotected install of Windows XP open to the Internet for 24 hours.
Report

Packet Capture

[readme]

Helpful Information
The HoneyNet Project Website