We’re proud to announce that as of 2017 both our website and email are now fully IPv6 ready!
As the roll-out of IPv6 goes slow but steady, more and more websites add quad-A records to their DNS making them reachable over IPv6. Is your website IPv6 ready? Test your website here, and your current connection here!
SIDN Fund offers financial support for DDOS alerting service
Within our HoneyNED chapter two people are working on DDOS detection techniques by using honeypot technology. The knowledge about which DDOS attacks are ‘running’ and which sites are under attack is interesting for a broader audience than our HoneyNED chapter. We’ve decided to start creating a public DDOS alerting service and applied for financial support here for by SIDN Fund.
SIDN Fund stands for ‘a strong internet for all’ and provides financial support to ideas and projects that aim to make the internet stronger or that use the internet in innovative ways. By doing so, SIDN Fund wants to help increase the social impact of the internet in the Netherlands. SIDN Fund is an independent foundation established by SIDN, the foundation for internet domain registration in the Netherlands.
SIDN Fund has decided to offer financial support for HoneyNED in order to create the DDOS alerting service. We’re very much pleased and will make sure the service will be available within 12 months. For further information please read the full SIDN Fund press release (in Dutch): https://www.sidnfonds.nl/nieuws/nieuwe-lichting-pioniers
While a lot of improvements are being made in the development branch and now released in version 2.1, the binaries lack behind. Because of this I tried to compile from Git myself. This proved to be a bit difficult, mainly because of some dependencies not available via Maven anymore. In this blog I will show how to compile and configure HSN2 yourself.
The HSN2 framework is still considered experimental software. Installation and configuration still has its rough edges. The main benefit for using a framework is to have easy access to multiple plugins. If you want to write your own plugin see Niels van Eijk his Java One presentation for an introduction on writing your own plugin:
If compiling succeeds, you can also do a build and automatically generate Debian packages. You can of course also run and configure the jar files manually (which can take quite some time to figure out). Run the following script:
1
debian-build.sh
If you want to set up a local Debian repro, continue with the following steps:
Install the following subset of packages (installation will fail if rabbitmq/mongodb are not started), we skip python-hsn2-thug, hsn2-thug-docker and hsn2-capture-hpc for now.
Create file with a url on each line (at least one line) and submit a job:
1
hc j s simple feeder.uri=/home/<USERNAME>/uris.txt
Check whether the job was processed correctly:
1
hc j d <NUMBER OF JOB>
Now that you have the HSN2 framework running you can dive into the different plugins (or write one yourself) and make your own workflows (see /etc/hsn2/workflows). Don’t forget to look trough the logging in /var/log/hsn2 for errors/pointers. A Django based webinterface is also available, see https://github.com/CERT-Polska/hsn2-webgui and http://www.honeyspider.net/Web-Interface.html.