The first week of the year has been quiet. No major incidents, no urgent advisories, the Trustworthy Computing memo still rumoured rather than published.
A short post on what I have been doing in the absence of news.
Honeypot maintenance
The honeypot range has been stable. The Q3 2001 patterns of elevated scan traffic have continued through Q4 and into the new year — Code Red and Nimda residual infections continue to scan, even months after the worms peaked.
This week I cleaned up the log archives — about 30GB of accumulated raw data from 2001 — and consolidated it into the structured-log database. The consolidation took most of the week; the cleaned data is now efficiently queryable.
Catching up on reading
A backlog of papers and articles from 2001 that I had not got to:
- The full Honeynet Project Know Your Enemy series including the recent updates.
- A few academic papers on intrusion detection that have been recommended by correspondents.
- The Phrack 58 articles I had read once but not properly.
Reading-without-writing is a different discipline than reading-to-write. The first week of the year is a good time to practice it.
Planning the year
The predictions list is the public version of my year-planning. The private version includes more specific operational targets:
- Migrate one production host to FreeBSD as an experiment in platform diversity.
- Build a small custom monitoring tool I have been thinking about.
- Submit at least one paper to a regional conference.
- Read at least one substantial book on cryptography I have been meaning to read.
None of these will produce notebook posts in themselves. They will, I think, improve the quality of the posts that do happen.
What to expect over the next month
Trustworthy Computing memo, if it appears. The rumours have been firming up; the timing is reportedly mid-January. I will write about it as soon as it lands.
Honeypot annual review. A summary of what 2001 produced from the honeypot, with patterns identified across the year.
Routine maintenance posts. Patches applied, configurations updated, the operational rhythm continues.
More in a week. The kettle is on; the year is starting properly.