Wednesday, 1 September 2010

Forensic Challenge 5: Log Mysteries

Anton, Raffy and I are pleased to release the 5th Honeynet forensic challenge. Challenges are one of the Honeynet Project activities people enjoy the most, and it is a pleasure for me to participate in such a great log analysis challenge.

Data is one of the hardest things to get: I regularly hear from customers and from people I meet at various conferences around the world (both industrial and academic) that they have a hard time testing their tools on real data.

Indeed, it is not easy to set up an environment that looks real, and until now, despite the few efforts out there (DARPA was the only one to release data, in 1998, 1999 and 2000), we don't see much data available to the public. Good data must mix both the real traffic you have on your network and attacks against it (and not just attacks).

A lot of people have data but cannot share it, mostly for confidentiality reasons. I admit this is not easy, and this is why I started the loganon project during the last Google Summer of Code (I will post something specific about this project later).

Most of the time I bring this subject to the table, I hear people saying it is a dead end, too hard to do, that nobody will cooperate. Well, I am pretty sure Wikipedia heard the same thing before starting.

So instead of worrying and wondering how to do it, we just do it. Enjoy this challenge; since it is a pretty open challenge, I expect a lot of surprising results.

Get it here: http://honeynet.org/challenges/2010_5_log_mysteries