Virtual ZeekWeek 2020 is free to attend, but registration is required. 
Back To Schedule
Wednesday, October 14 • 10:40am - 11:00am
Day 2 - BSD Honeypots with Zeek - Of course it runs on BSD - Michael Shirk LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Limited Capacity seats available

You MUST register through eventbrite to gain access to this session (Day 2).

BSD Honeypots with Zeek - Of course it runs on BSD

Summary: I did a talk at BSDCan 2020 highlighting the use of BSD as a platform for honeypots. Central to this talk was the use of Zeek and the intel framework to correlate all of this data together while utilizing FreeBSD jails to separate the honeypot from Zeek. I emulated services using a honeypot Python framework in one jail, while using Zeek to monitor all of the traffic going towards the jail. I intend to update this talk to be more focused on the setup of Zeek.

Abstract: In the past, there was some interest in the setting up of honeypots on BSD operating systems with tools like honeyd. Honeypots attempt to capture malicious code, network worms and attackers by emulating vulnerable services using a variety of methods. An opportunity came up for me to try to capture some malicious code using a simple setup with Zeek and FreeBSD jails. The setup was simple and easy to replicate as a way to perform security research on current attacks across the Internet and correlate with other threat sources for analysis.

Slack Channel for this session - vzw-day2-talk6-bsd-honeypots
Haven't joined the Zeek Slack space yet you can do so at:

Link to Session Survey - https://forms.gle/aFCTXniakuJGi7YN9

avatar for Michael Shirk

Michael Shirk

Daemon Security
Michael Shirk is a BSD zealot who has worked with OpenBSD and FreeBSD for over 15 years. He works in the security community and supports open source security products that run on BSD operating systems (Snort, Suricata, Zeek, AIDE).

Wednesday October 14, 2020 10:40am - 11:00am PDT
Online - Zoom Meeting Room