[Cs22800] The Web

Benjamin Johnson bsjohnso at midway.uchicago.edu
Sun Oct 20 18:32:42 CDT 2002


All,

Sorry about my late reply but my DSL connection has been down for a
while today.  Anyways, I'm going to add the e-mail addresses of everyone
to the list.  Also, I find it nice to make a webpage for the project
with all the details.  Obviously it's not required thus far, but I think
Professor O'Donnell would prefer to have each of us set up a page with
notes of our progress readily available.

I will speak about my project tomorrow.  It will be more background than
real technical stuff but I'll let you know about where I'm at, what
problems / difficulties I ran into today and about where I'm going with
it.

As for my project:

Currently I am just porting over the kernel module.  It is not real easy
since enough things are different to make it more time consuming than
just changing a few simple system call numbers.  The one beacon of light
I have is that I was sent adorebsd by one of the honeynet members. 
Sebek, the Linux version, is based upon adore for Linux.  Therefore me
having adorebsd is a wonderful thing.  However, the way some of the
kernel programming is will require me to learn a lot about FreeBSD and
BSD kernel stuff...it shouldn't be very bad, I just have to do some
research and read some header files.  Since writing a device driver adds
complexity, right now I am simply trying to capture keystrokes,
timestamp them and print them out.  Once this has been accomplished
(hopefully soon) I can work on the device driver...and at the same time
contemplate whether or not there is an easier / better way to do the
covert driver stuff.  Since Sebek is supposed to be for anyone wanting
to set up a honeynet / honeypot, it may not be the best to have serial or
parallel links because that may add some configuration issues depending
on their hardware...maybe not though.

As for the other parts of Sebek, they seem to be easier to port since
it's straight user applications...I believe I just need to change a few
header files around.

I'm still working on this for a while tonight, so maybe I'll make some
progress.  I'll update you guys tomorrow.

See ya,

Ben




