Michael Rash, Security Researcher

Honeynet Challenge Analysis with psad

The Honeynet Project has presented several interesting analysis challenges to the security community. These challenges include analyzing data from security tools such as Snort and iptables in order to determine whether a system has been compromised, or in some cases reverse engineering malicious binaries in order to determine what they are designed to do.

Two of the challenges so far (Scan30 and Scan34) have included extensive iptables logs. By combining the new CSV output mode in psad-2.0 with the AfterGlow project, some informative graphical representations of the scans and compromise attempts can be produced. Also worth mentioning is SecViz - Security Visualization, a site dedicated to the visualization of security data and created by the author of AfterGlow.
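To make the psad-to-AfterGlow step concrete, the following Python script is an added example (not psad's code, and it does not reproduce psad's own CSV layout, which this page does not show): it reads iptables LOG-target lines from syslog, aggregates them into AfterGlow's three-column source,event,target form with the destination port as the event, and skips lines that carry no usable fields. The log lines are constructed samples, not data from the Honeynet challenges.

```python
import re
from collections import Counter

# Constructed iptables log lines (not from the Honeynet data sets), in the
# format Netfilter writes to syslog for rules that use the LOG target.
SAMPLE_LOG = """\
Jan 12 03:14:07 honeypot kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TTL=52 PROTO=TCP SPT=41234 DPT=22 SYN
Jan 12 03:14:08 honeypot kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TTL=52 PROTO=TCP SPT=41235 DPT=80 SYN
Jan 12 03:14:09 honeypot kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=44 TTL=52 PROTO=TCP SPT=41236 DPT=22 SYN
Jan 12 03:15:01 honeypot kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=49 PROTO=UDP SPT=5353 DPT=137 LEN=40
Jan 12 03:15:02 honeypot kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.6 LEN=44 TTL=49 PROTO=TCP SPT=2222 DPT=445 SYN
Jan 12 03:16:00 honeypot kernel: Some unrelated kernel message without iptables fields
"""

# Only the fields needed for the graph; SPT, LEN, TTL etc. are ignored.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_iptables_line(line):
    """Return a dict of SRC/DST/PROTO/DPT from one log line, or None when
    the line has no usable iptables fields (e.g. ICMP, which has no DPT)."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "DPT"} <= fields.keys():
        return None
    return fields

def afterglow_rows(log_text):
    """Aggregate log lines into sorted (source, event, target, count) tuples.
    The event column is PROTO/DPT, so AfterGlow draws src -> port -> dst."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_iptables_line(line)
        if f is None:
            continue
        event = f"{f.get('PROTO', '?')}/{f['DPT']}"
        counts[(f["SRC"], event, f["DST"])] += 1
    return sorted((s, e, t, n) for (s, e, t), n in counts.items())

def to_afterglow_csv(log_text):
    """Three-column CSV (source,event,target), one row per distinct edge."""
    return "\n".join(f"{s},{e},{t}" for s, e, t, _ in afterglow_rows(log_text))

if __name__ == "__main__":
    print(to_afterglow_csv(SAMPLE_LOG))
```

The output can be piped into afterglow.pl with its three-column mode and then into Graphviz; the repeated-edge counts returned by afterglow_rows are what a property file would map to edge thickness.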

Honeynet Scan30 Challenge Graphs
Honeynet Scan34 Challenge Graphs