We’re happy to release a minor update to CHN, version 1.9.1. This version brings a couple small bug fixes (such as P2P hpfeeds3 sharing), and two new features:
- chn-intel-feeds now supports generating a feed from the API of a CHN-Server
- Two new honeypots: Big-HP and elasticpot
For those currently using chn-intel-feeds, please consult the documentation because without adding at least one new ENABLED configuration item, you won’t get any data! With this latest release of this container, you can now generate feeds from a CIF server, upload safelist items specifically for you to a CIF instance, or generate a feed by querying a local CHN-Server instance. This last option is a convenient way for those running CHN (but not connected to the STINGAR repository) to provide pre-formatted feeds to protection devices. For those already connected to the STINGAR repository, this option is not recommended as it won’t get you the data any faster.
This release includes Elasticpot, maintained by Vesselin Bontchev, and Big-HP, the first exemplar of a new web honeypot framework by Alexander Merck, emulating the F5 Networks BigIP management interface. Both are web interface honeypots that should provide useful additional telemetry for users.
One change made to our deployment scripts in this version, and reflected in the documentation, is the removal of web ports from Dionaea configurations. We no longer recommend that these ports be exposed to the internet, as we’ve discovered a false positive condition with these ports for Dionaea. The documentation for P2P hpfeeds3 full data sharing has been updated to reflect the changes in 1.9 to command locations, etc.
Upgrading from 1.9 should be as simple as updating the tags in your docker-compose.yml, with the exception of users of chn-intel-feeds, who should consult the documentation for the new chn-intel-feeds.env configuration option. For most users, simply adding a *-ENABLED option (for CIF-FEED, CHN-FEED, or CIF-SAFELIST) should be enough to keep your instance running properly.
Hopefully everyone will upgrade to this latest version, and let us know via GitHub of any issues you encounter or features you’d like to see.
Stay safe out there!