Honeynet Project Scan of the Month Challenges are BACK with a vengeance! Today we announce a new type of challenge: an Analysis Challenge. Scan of the Month #30 offers you an opportunity to draw your conclusions from a massive pool of honeynet firewall log data. Questions to guide your creativity in the analysis process are provided. . . .
Scan 30

This month's challenge is different. Traditional SotM challenges have been about analyzing specific attacks against specific honeypots. This time we are going to take a step back and look at the bigger picture. Your job is to analyze a months worth of connection activity to and from a honeynet by analyzing the firewall logs. This is where analysis of any honeynet most often begins. All entries are due Friday, 26 March. Results will be released Friday, 2 April. Find the rules and suggestions for submissions at the SotM Home Page.

Skill Level: Intermediate

The Challenge:
We provided some questions below to focus your analysis process. It is expected that the best entries will go above and beyond the questions and provide more insight on what really was going on. Also, for some of the questions there is no single "correct" answer". Even having access to full packet logs, we might not now what really took place. Thus, a good compelling argument backed by creative research methodology may count just as highly as a true answer! And earn a prize! Top 3 entries will receive a signed copy of the book Security Warrior. If you want some guiding ideas on where to start your analysis process, look for SANS GCIA certification practicals through Part III of various completed practicals posted above for many creative log analysis tools and possible conclusions from pools of log data.

The link for this article located at honeynet.org is no longer available.