Wednesday, October 14 • 10:40am - 11:00am
Day 2 - BSD Honeypots with Zeek - Of course it runs on BSD - Michael Shirk

BSD Honeypots with Zeek - Of course it runs on BSD

Summary: I did a talk at BSDCan 2020 highlighting the use of BSD as a platform for honeypots. Central to this talk was the use of Zeek and the intel framework to correlate all of this data together while utilizing FreeBSD jails to separate the honeypot from Zeek. I emulated services using a honeypot Python framework in one jail, while using Zeek to monitor all of the traffic going towards the jail. I intend to update this talk to be more focused on the setup of Zeek.

Abstract: In the past, there was some interest in setting up honeypots on BSD operating systems with tools like honeyd. Honeypots attempt to capture malicious code, network worms and attackers by emulating vulnerable services using a variety of methods. An opportunity came up for me to try to capture some malicious code using a simple setup with Zeek and FreeBSD jails. The setup was simple and easy to replicate as a way to perform security research on current attacks across the Internet and correlate with other threat sources for analysis.
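The Zeek side of the setup the summary describes (Zeek in one jail watching traffic toward a honeypot jail, with the Intel framework matching that traffic against threat indicators) can be wired up with a short site policy. The script below is an added example, not material from the talk; the jail address 10.0.0.10, the intel file path and the indicator it contains are assumed placeholders.

```zeek
# Added example (not from the talk): minimal Zeek site policy that feeds the
# traffic seen toward a honeypot jail through the Intel framework.
# Assumptions: Zeek installed from FreeBSD ports, honeypot jail at 10.0.0.10
# (placeholder), intel file at /usr/local/share/zeek/site/honeypot-intel.dat.

# Framework pieces: "seen" matches observed addresses/domains/hashes against
# loaded indicators; "do_notice" turns each match into a Notice::Info record.
@load frameworks/intel/seen
@load frameworks/intel/do_notice

# The intel file is tab-separated with a #fields header, e.g. (constructed):
# #fields	indicator	indicator_type	meta.source	meta.desc	meta.do_notice
# 203.0.113.7	Intel::ADDR	constructed-feed	known scanner (sample)	T
redef Intel::read_files += { "/usr/local/share/zeek/site/honeypot-intel.dat" };

# Address of the jail running the emulated services (placeholder).
const honeypot_jail: addr = 10.0.0.10 &redef;

# Enrich intel hits whose responder is the honeypot jail with the service
# port that was touched, so the notice is self-describing when the intel
# matches are later correlated with the honeypot's own logs.
hook Notice::policy(n: Notice::Info)
	{
	if ( n$note == Intel::Notice && n?$conn && n$conn$id$resp_h == honeypot_jail )
		{
		add n$actions[Notice::ACTION_LOG];
		n$msg = fmt("%s (honeypot port %s)", n$msg, n$conn$id$resp_p);
		}
	}
```

Matches land in intel.log and, via the hook, in notice.log; the honeypot's own service logs from the other jail can then be joined on the connection UID.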

Michael Shirk

Daemon Security
Michael Shirk is a BSD zealot who has worked with OpenBSD and FreeBSD for over 15 years. He works in the security community and supports open source security products that run on BSD operating systems (Snort, Suricata, Zeek, AIDE).

Wednesday October 14, 2020 10:40am - 11:00am PDT
