Welcome to the Droids Corporation's page about honeypots. Here we describe our work on honeypot tools such as Sebek.
Some of us are members of the French Honeynet Project, and we work with them on honeypot topics.
The authors of the tools and papers presented here are Arnaud Ebalard, Pierre Lalet and Olivier Matz.
Sebek is a kernel-land capture tool that allows a honeypot administrator to collect the tools and tricks used by Black Hats.
Sebek clients for *BSD:
Testing versions
These versions are available for testing and development purposes. They are compatible with Sebek Protocol version 3, and the 3.X versions of the Honeynet Project tools. If you test one of these clients, we are very interested in any feedback.
- Sebek client for FreeBSD (3.0-cvs20050523): sebek-freebsd (patch against FreeBSD 5.3, md5: 3f84cb8d4a93ccd3bd8dc1de9b401d5e).
- Sebek client for NetBSD (3.0-cvs20050523): sebek-netbsd (patch against NetBSD 2.0 and 2.0.2, md5: 5a79941eef691a92de96be41ab1aba5c).
- Sebek client for OpenBSD (3.0-cvs20050523): sebek-openbsd (patch against OpenBSD 3.7, md5: 099e0a0b26acd27ecccb1abf68b018f9).
If you are interested in Sebek implementations for *BSD, you can subscribe to the mailing list. Be sure to subscribe before posting, otherwise you won't receive any reply.
Stable versions
These versions are compatible with Sebek Protocol version 1, and the 2.X versions of the Honeynet Project tools.
- Sebek client for FreeBSD (1.2 stable): sebek-freebsd (patch against FreeBSD 5.3, md5: cde0d4c471c5758dc34abdc4fc6b338b).
- Sebek client for NetBSD (1.2 stable): sebek-netbsd (patch against NetBSD 2.0, md5: c2ad26d8a1099b26fa9daf4789c26515).
- Sebek client for OpenBSD (1.2 stable -- unofficial): sebek-openbsd-droids (patch against OpenBSD 3.6, md5: 854e1e1d90693a59d73bb6c77e2b7193). This is not the official Sebek client for OpenBSD; it is only a port of the Sebek client for NetBSD to OpenBSD.
Papers:
- Sebek 2 client for FreeBSD and NetBSD: [PDF].
- Official Sebek 2 client for OpenBSD, a quick study: [PDF].
Old tools:
Warning: the tools listed below are deprecated and are here for testing purposes only. They might be dangerous! Do not try one of these tools at home without your parents.
- Sebek2 client for FreeBSD as a LKM (deprecated): sebek-freebsd-lkm (LKM for FreeBSD 5.1 i386, md5: d3884da0b5d6ccbcd9674df828f5062d)
- UnSebek against Sebek2 for FreeBSD as a LKM: unsebek-freebsd-lkm (LKM for FreeBSD 5.1 i386, md5: 95bddc9ab76037a7cbe7e05c20228d56)
The instructions for each Sebek client are in a README file included in the archive.
