All,

I am happy to announce the first release of Argos: a full system
emulator (based on Qemu) that detects attempts to compromise the system.
It is meant to be used in a honeypot and offers full-system protection,
i.e., it protects the kernel and all applications running on top.

Argos is hosted at: http://www.few.vu.nl/~porto/argos

Note: while there is a full installation guide and info on how to run
Argos, there is currently little additional documentation. We will add
this as soon as possible. People interested in details should contact us
for a technical report (the paper is currently under submission, so we
cannot stick it on the website yet).

Cheers,
HJB

Here is the blurb from the website.

Argos is a /full/ and /secure/ system emulator designed for use in
Honeypots. It is based on QEMU <http://fabrice.bellard.free.fr/qemu/>,
an open source processor emulator that uses dynamic translation to
achieve a fairly good emulation speed.

We have extended QEMU to enable it to detect remote attempts to
compromise the emulated guest operating system. Using dynamic taint
analysis Argos tracks network data throughout the processor's execution
and detects any attempts to use them in a malicious way. When an attack
is detected the memory footprint of the attack is logged and the
emulator exits.

Argos is the first step to create a framework that will use /next
generation honeypots/ to automatically identify and produce remedies for
zero-day worms, and other similar attacks. /Next generation honeypots/
should not require that the honeypot's IP address remains un-advertised.
On the contrary, it should attempt to publicise its services and even
actively generate traffic. In former honeypots this was often
impossible, because malevolent and benevolent traffic could not be
distinguished. Since Argos is explicitly signaling each possibly
successful exploit attempt, we are now able to differentiate malicious
attacks and innocuous traffic.

-------
Dr. Herbert Bos
Vrije Universiteit Amsterdam
www.cs.vu.nl/~herbertb
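
The dynamic taint analysis described in the blurb, as an added illustration that is not part of the original message and is not Argos or QEMU code: a toy register machine marks network input as tainted, propagates the mark through loads, stores and arithmetic, and stops with a dump of the tainted memory when a tainted value is used as a jump target. The instruction set, the names, the sample packet and the jump-target policy are all assumptions made for the example; the message does not say which uses Argos treats as malicious.

```python
# Toy register machine with shadow taint state. Illustrative only; not Argos or QEMU code.
class TaintAlert(Exception):
    def __init__(self, pc, target, footprint):
        super().__init__(f"tainted jump target {target:#x} at pc={pc}")
        self.pc, self.target, self.footprint = pc, target, footprint

class ToyCPU:
    def __init__(self):
        self.regs = {"r0": 0, "r1": 0}
        self.reg_taint = {"r0": False, "r1": False}
        self.mem = {}            # address -> value
        self.mem_taint = set()   # addresses whose contents derive from network input

    def recv(self, addr, payload):   # network input: every byte written is tainted
        for i, b in enumerate(payload):
            self.mem[addr + i] = b
            self.mem_taint.add(addr + i)

    def run(self, program):
        pc = 0
        while pc < len(program):
            op, a, b = program[pc]
            if op == "movi":      # constant: destination becomes clean
                self.regs[a], self.reg_taint[a] = b, False
            elif op == "load":    # taint follows the data into the register
                self.regs[a] = self.mem.get(b, 0)
                self.reg_taint[a] = b in self.mem_taint
            elif op == "store":   # taint follows the data back into memory
                self.mem[a] = self.regs[b]
                if self.reg_taint[b]:
                    self.mem_taint.add(a)
                else:
                    self.mem_taint.discard(a)
            elif op == "add":     # result is tainted if either operand is
                self.regs[a] += self.regs[b]
                self.reg_taint[a] = self.reg_taint[a] or self.reg_taint[b]
            elif op == "jmpr":    # assumed policy: a tainted jump target is an attack
                if self.reg_taint[a]:
                    footprint = {x: self.mem[x] for x in sorted(self.mem_taint)}
                    raise TaintAlert(pc, self.regs[a], footprint)  # log footprint, stop
                pc = self.regs[a]
                continue
            pc += 1
        return self.regs

PACKET = bytes([0x41, 0x07])  # constructed sample input
# Benign: network data is copied around, but the jump target is a constant.
BENIGN = [("load", "r0", 0x100), ("store", 0x200, "r0"),
          ("movi", "r1", 4), ("jmpr", "r1", None)]
# Attack-like: a packet byte flows through add/store/load into the jump target.
ATTACK = [("load", "r0", 0x101), ("movi", "r1", 1), ("add", "r0", "r1"),
          ("store", 0x200, "r0"), ("load", "r1", 0x200), ("jmpr", "r1", None)]
```

Running BENIGN on a ToyCPU that has received PACKET at 0x100 completes normally even though tainted bytes are copied around; running ATTACK raises TaintAlert, whose footprint attribute holds the tainted memory cells at the moment of detection.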