[Honeywall] Keystroke Summary

Rob McMillen rvmcmil at gmail.com
Thu Jun 12 08:14:56 EDT 2008


Bjoern,
    What kind of output are you actually looking for?  Can you give me
an example to make sure I am thinking along the same lines?

List,
    I am currently working on a script to poke at the database and
correlate keystrokes with the source IP responsible for making them.
I started out with pcap files, but I found the source IP might not be
contained within the very same pcap file if the process had been
running for a long time.  Therefore, the script runs against the hflow
database (I am trying to make it backwards compatible with the hflow1
schema) which makes it a bit slower if you do not give it a date
range.  However, with the limited testing I have been doing, it seems
to group the source IP with the keystrokes.  Need more data to ensure
it is working properly.  Still in a very rough state, but I hope to
package it up for testing here very soon.

Thoughts?

Rob

On Thu, Jun 12, 2008 at 7:59 AM, David Watson <david at honeynet.org.uk> wrote:
> Bjoern,
>
> This has been something that we have been keen to see for a while, and
> we are currently looking at potential solutions. Hopefully we'll be
> announcing something here in the next couple of months, once there is
> code available to test.
>
> Thanks,
>
> David

