Current setup(s):
----------------
GenII, FreeBSD 4.6 victim server, Linux IDS/sniffer, Linux GenII bridge, bash/sh logger, honeypot remote syslog, snort-inline, snort-1.9, ACID, tcpdump, iptables, etc

Setup is to go live after testing is complete!

Previous setup(s):
----------------
http://www.netforensics.com/honeynet1.html

GenII, all-Linux setup, bash logger, local LKM keylogger, honeypot remote syslog, snort-inline, snort-1.9, ACID, tcpdump, iptables, etc

Findings/developments this quarter:
----------------------------------
Honeynet developments:
-setup migrated to GenII
-hardened honeypot research
-"worm watching"
-WU-FTPD Linux compromises analysis
-bash logger improved
-sh logger for *BSD under development

Publications:
-http://www.infosecnews.com/opinion/2002/06/19_04.htm
-http://www.infosecnews.com/opinion/2002/09/25_04.htm
-http://www.issa.org/currentpwd.pdf

Public presentations:
-ITRA "Counter-Intelligence in Internet Security: Honeypot Best Practices"

Other activities:
-Scan of the Month #20 graded
-Scan of the Month #22 designed

Plans for next quarter:
----------------------
-further development of *BSD deployment as victim
-"better attackers" research