Folks, after a year of silence, we are releasing a new version of Capture-HPC 3.0.0 beta. The new functionality is a mix of some longer term efforts of Ramon (Connection Monitor) and myself (pcap postprocessor) as well as improvements that resulted from the Google Summer of Code project (DB integration) by our student Van Lam Le (mentored by Peter Komisarczuk from the New Zealand Honeynet Project Chapter).
You can download the new version from the Beta Release section at https://projects.honeynet.org/capture-hpc/wiki/Releases.

Capture-HPC 3.0.0 contains the following new features:

+ added connection monitor that can alert on connection/listening events on the network. This could be used to identify attacks that merely reside in memory.
+ added support for a backend MySQL or PostgreSQL database
+ added post processor plugin architecture. Postprocessors allow actions to be performed on classified URLs.
+ added a post processor that analyzes the network data of a classified URL. It extracts DNS information, HTTP requests and determines whether any domain name is part of a fast flux network. Note that this post processor only works with a group size of 1. Otherwise the network of the entire group is analyzed.

It is a beta release and as such has not received as much testing as official releases. I am getting this release in front of you all to solicit some of your support in testing this beta prior to the official release. I need a few volunteers to take a look at specific functionality:

- DB integration MySQL
- DB integration PostgreSQL
- Connection monitor
- Pcap postprocessor
- regression

Pls reply to me directly if you can take on one of these areas, so I know which ones get appropriate coverage. As you identify issues, pls file a ticket in our ticketing system at https://projects.honeynet.org/capture-hpc/newticket (be sure to select version 3.0.0).

We have done some cursory testing and already identified some issues, which are listed under https://projects.honeynet.org/capture-hpc/report/2 .

Christian

--
----
Web: http://www.ecs.vuw.ac.nz/Main/GradChristianSeifert
PGP key http://homepages.ecs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/capture-hpc
