Reading the Honeynet Project paper
The Honeynet Project's cumulative-analysis paper has finally been published. A walk through what it shows and what defenders should take from it.
Notes from the field
Writing
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged research — 7 results.
Honeypot annual recap: 2001
A full-year recap of honeypot data from 2001. The patterns across the year tell a clearer story than any single quarter did.
Honeypot Q3 patterns
Q3 was the busiest quarter the honeypot has ever seen. A summary of the patterns observed across Code Red, Nimda, and the surrounding noise.
Honeypot range expansion: from one IP to a /28
I have expanded the honeypot from a single IP to a small range using Honeyd. The change has dramatically improved the visibility I have into scanning patterns.
An update from the Honeynet Project
Four months after the Honeynet Project's public announcement, the first wave of research output is appearing. A short note on what has been published and what it changes for practitioners.
Cumulative honeypot analysis: six months of captures
Six months of honeypot operation has produced enough data to write a structured analysis. The patterns of attacker behaviour, ranked by frequency, with the defensive implication for each. This is the longer writeup I committed to.
The Honeynet Project goes public
After a year of operating as a private mailing list, the Honeynet Project has formally announced itself this week. The structure, the mission, and what it changes about deception research are worth writing about.