Showing posts with label openpacket. Show all posts

Tuesday, February 10, 2009

New Online Packet Repository

As of a few weeks ago I am no longer involved with OpenPacket.org. One of the reasons is a great new online packet repository sponsored and run by Mu Dynamics called Pcapr. I've had an account there for a few months, but it looks like the site is now open to the general public. Check it out -- there's a lot of cool features already.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

Saturday, September 06, 2008

Bejtlich Keynote at 1st ACM Workshop on Network Data Anonymization

Brian Trammell and Bill Yurcik were kind enough to ask me to deliver the keynote at the 1st ACM Workshop on Network Data Anonymization (NDA 2008). The one day event takes place 31 October 2008 at George Mason University in northern VA. My talk will discuss the trials and tribulations of OpenPacket.org, and changes planned for the project.

Friday, July 11, 2008

Packet Anonymization with PktAnon


I noticed a new tool on Packetstorm recently: PktAnon by Christoph P. Mayer, Thomas Gamer, and Dr. Marcus Schöller.

This tool seems powerful because you can apply a variety of anonymization policies based on settings you apply in an XML configuration file.

It was easy to install the tool on Debian 4.0:


tws:~# cd /usr/local/src
tws:/usr/local/src# wget http://www.tm.uka.de/pktanon/download/pktanon-1.2.0-dev.tar.gz
...edited...
tws:/usr/local/src# tar -xzf pktanon-1.2.0-dev.tar.gz
tws:/usr/local/src# http://www.tm.uka.de/pktanon/download/pktanon-1.2.0-dev.tar.gz
tws:/usr/local/src# sudo apt-get install libxerces27-dev libboost-dev
-su: sudo: command not found
tws:/usr/local/src# apt-get install libxerces27-dev libboost-dev
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libicu36 libxerces27
Suggested packages:
libboost-doc libboost-date-time-dev libboost-filesystem-dev
libboost-graph-dev libboost-iostreams-dev libboost-program-options-dev
libboost-python-dev libboost-regex-dev libboost-serialization-dev
libboost-signals-dev libboost-test-dev libboost-thread-dev libboost-wave-dev
xalan libxerces27-doc
The following NEW packages will be installed:
libboost-dev libicu36 libxerces27 libxerces27-dev
0 upgraded, 4 newly installed, 0 to remove and 3 not upgraded.
Need to get 9259kB of archives.
After unpacking 44.7MB of additional disk space will be used.
Do you want to continue [Y/n]? y
...edited...
tws:/usr/local/src# cd pktanon-1.2.0-dev
tws:/usr/local/src/pktanon-1.2.0-dev# mkdir /usr/local/pktanon
tws:/usr/local/src/pktanon-1.2.0-dev# ./configure --prefix=/usr/local/pktanon
tws:/usr/local/src/pktanon-1.2.0-dev# make
tws:/usr/local/src/pktanon-1.2.0-dev# make install

Next we choose which of the anonymization profiles we want. Here we use settings_high.xml. To use this configuration file we just tell it where the Input is and where the Output is.

For example, here is the first, original packet.

tws:/tmp# tcpdump -c 1 -r sample.ftp.pcap -neXvvv

reading from file sample.ftp.pcap, link-type EN10MB (Ethernet)
09:38:37.565642 00:0c:29:2d:6a:a0 > 00:50:56:ee:e5:fc, ethertype IPv4 (0x0800),
length 74: (tos 0x0, ttl 64, id 48680, offset 0, flags [DF], proto: TCP (6),
length: 60) 192.168.255.131.1385 > 62.243.72.50.21: S, cksum 0x7890 (correct),
2888152290:2888152290(0) win 5840
0x0000: 4500 003c be28 4000 4006 3542 c0a8 ff83 E..<.(@.@.5B....
0x0010: 3ef3 4832 0569 0015 ac25 b4e2 0000 0000 >.H2.i...%......
0x0020: a002 16d0 7890 0000 0204 05b4 0402 080a ....x...........
0x0030: 0003 0aca 0000 0000 0103 0302 ............

Here is the settings_low profile output.

tws:/tmp# tcpdump -c 1 -r anon.low.ftp.pcap -neXvvv

reading from file anon.low.ftp.pcap, link-type EN10MB (Ethernet)
09:38:37.565642 00:0c:29:2d:6a:a0 > 00:50:56:ee:e5:fc, ethertype IPv4 (0x0800),
length 74: (tos 0x0, ttl 64, id 48680, offset 0, flags [DF], proto: TCP (6),
length: 60) 246.142.91.186.1385 > 90.113.151.13.21: S, cksum 0x7c1a (correct),
2888152290:2888152290(0) win 5840
0x0000: 4500 003c be28 4000 4006 38cc f68e 5bba E..<.(@.@.8...[.
0x0010: 5a71 970d 0569 0015 ac25 b4e2 0000 0000 Zq...i...%......
0x0020: a002 16d0 7c1a 0000 0204 05b4 0402 080a ....|...........
0x0030: 0003 0aca 0000 0000 0103 0302 ............

I decided I wanted a low profile that also modified MAC addresses, so I copied the low setting and then made this change:




This was the result.

tws:/tmp# tcpdump -c 1 -r anon.low-mac.ftp.pcap -neXvvv
reading from file anon.low-mac.ftp.pcap, link-type EN10MB (Ethernet)
09:38:37.565642 da:cb:dc:54:d2:51 > da:28:8d:39:ef:7b, ethertype IPv4 (0x0800),
length 74: (tos 0x0, ttl 64, id 48680, offset 0, flags [DF], proto: TCP (6),
length: 60) 246.142.91.186.1385 > 90.113.151.13.21: S, cksum 0x7c1a (correct),
2888152290:2888152290(0) win 5840
0x0000: 4500 003c be28 4000 4006 38cc f68e 5bba E..<.(@.@.8...[.
0x0010: 5a71 970d 0569 0015 ac25 b4e2 0000 0000 Zq...i...%......
0x0020: a002 16d0 7c1a 0000 0204 05b4 0402 080a ....|...........
0x0030: 0003 0aca 0000 0000 0103 0302 ............

Finally I ran the medium and high settings.

tws:/tmp# tcpdump -c 1 -r anon.medium.ftp.pcap -neXvvv
reading from file anon.medium.ftp.pcap, link-type EN10MB (Ethernet)
09:38:37.565642 da:cb:dc:54:d2:51 > da:28:8d:39:ef:7b, ethertype IPv4 (0x0800),
length 60: (tos 0x0, ttl 116, id 48680, offset 0, flags [DF], proto: TCP (6),
length: 40) 21.248.227.61.19357 > 172.148.57.189.56062: S, cksum 0x31e7
(correct), 2888152290:2888152290(0) win 5840
0x0000: 4500 0028 be28 4000 7406 6920 15f8 e33d E..(.(@.t.i....=
0x0010: ac94 39bd 4b9d dafe ac25 b4e2 0000 0000 ..9.K....%......
0x0020: 5002 16d0 31e7 0000 0000 0000 0000 P...1.........

tws:/tmp# tcpdump -c 1 -r anon.high.ftp.pcap -neXvvv
reading from file anon.high.ftp.pcap, link-type EN10MB (Ethernet)
09:38:37.565642 55:3e:4d:bf:1f:e8 > 55:35:a0:67:f1:3a, ethertype IPv4 (0x0800),
length 60: (tos 0x0, ttl 126, id 48680, offset 0, flags [DF], proto: TCP (6),
length: 40) 162.131.129.172.20319 > 97.102.43.234.21842: S, cksum 0xb113
(correct), 2888279266:2888279266(0) win 5907
0x0000: 4500 0028 be28 4000 7e06 8d27 a283 81ac E..(.(@.~..'....
0x0010: 6166 2bea 4f5f 5552 ac27 a4e2 2080 2000 af+.O_UR.'......
0x0020: 5002 1713 b113 0000 0000 0000 0000 P.............

We should be able to try this tool with OpenPacket.org. Let me know what you think.

For details on the anonymization policies please read the documentation.
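An added example (not from the original post or the PktAnon project): the script below parses the IPv4/TCP headers from the four hex dumps shown above, checks that each rewritten IP header checksum is still valid, and lists which header fields each profile left unchanged. The function names and the set of compared fields are this example's own choices.

```python
import socket
import struct

# IPv4 packets (Ethernet header stripped) transcribed from the tcpdump -X
# dumps above: the original SYN, then the low, medium and high outputs.
PACKETS = {name: bytes.fromhex(hexstr) for name, hexstr in {
    "original": "4500003cbe28400040063542c0a8ff83"
                "3ef3483205690015ac25b4e200000000"
                "a00216d078900000020405b40402080a"
                "00030aca0000000001030302",
    "low":      "4500003cbe284000400638ccf68e5bba"
                "5a71970d05690015ac25b4e200000000"
                "a00216d07c1a0000020405b40402080a"
                "00030aca0000000001030302",
    "medium":   "45000028be2840007406692015f8e33d"
                "ac9439bd4b9ddafeac25b4e200000000"
                "500216d031e70000000000000000",
    "high":     "45000028be2840007e068d27a28381ac"
                "61662bea4f5f5552ac27a4e220802000"
                "50021713b1130000000000000000",
}.items()}


def ip_checksum_ok(raw):
    """True if the IPv4 header's one's-complement sum folds to 0xFFFF."""
    ihl = (raw[0] & 0x0F) * 4
    total = sum(struct.unpack("!%dH" % (ihl // 2), raw[:ihl]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse(raw):
    """Extract the IPv4/TCP header fields an anonymizer may rewrite."""
    ihl = (raw[0] & 0x0F) * 4
    total_len, ip_id = struct.unpack("!HH", raw[2:6])
    # Slice to the IP total length so Ethernet padding is not read as TCP data.
    tcp = raw[ihl:total_len]
    sport, dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    tcp_header_len = (off_flags >> 12) * 4
    return {
        "src": socket.inet_ntoa(raw[12:16]),
        "dst": socket.inet_ntoa(raw[16:20]),
        "ttl": raw[8],
        "ip_id": ip_id,
        "total_len": total_len,
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "window": window,
        "tcp_options": tcp[20:tcp_header_len].hex(),
    }


def surviving_fields(profile):
    """Names of compared fields whose values equal those of the original packet."""
    orig, anon = parse(PACKETS["original"]), parse(PACKETS[profile])
    return sorted(name for name in orig if orig[name] == anon[name])


if __name__ == "__main__":
    for profile in ("low", "medium", "high"):
        status = "valid" if ip_checksum_ok(PACKETS[profile]) else "INVALID"
        print("%-6s IP checksum %s; unchanged: %s"
              % (profile, status, ", ".join(surviving_fields(profile))))
```

On these four dumps the IP ID (48680) is the only compared field that every profile leaves intact, which is worth knowing when judging whether an anonymized trace could be correlated with the original capture.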

Friday, April 04, 2008

OpenPacket.org 1.0 Is Live

Nearly three years after the initial post describing the idea, I am happy to report that OpenPacket.org 1.0 is ready for public use, free of charge.

The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org will provide one possible solution to this problem.

Analysts looking for network traffic of a particular type can visit OpenPacket.org, query the OpenPacket.org capture repo for matching traces, and download those packets in their original format (e.g., Libpcap, etc.). The analyst will be able to process and analyze that traffic using tools of their choice, like Tcpdump, Snort, Ethereal, and so on.

Analysts who collect their own traffic will be able to submit it to the OpenPacket.org database after they register.

Anonymous users can download any trace that's published. Only registered users can upload. This system provides a level of accountability for trace uploads.

Our moderators will review the trace to ensure it does not contain any sensitive information that should not be posted publicly. Besides appearing on the site, once a trace has been published you can receive notice of it via this published trace RSS feed.

If you have any doubt regarding the publication of a trace, do not try to submit it. When moderators are unsure of the nature of a trace, we will reject it. OpenPacket.org is not a vehicle for publishing enterprise data as contained in network traffic.

I would like to thank all the people who submitted suggestions and did feature testing via the openpacket-devel mailing list. If you have issues regarding usage of the site, consider subscribing to the openpacket-users mailing list or post to the OpenPacket.org Forums.

As time permits I will probably post more on how to use OpenPacket.org strictly on the OpenPacket Blog. I will minimize cross-posting to TaoSecurity Blog and OpenPacket Blog.

I save my final thanks for Sharri Parsell, our Web developer, and JJ Cummings for hosting OpenPacket.org. Without your work we would not have a site!

Tuesday, July 03, 2007

OpenPacket.org Developments

I am happy to report that work on OpenPacket.org is back on track, thanks to a new volunteer Web application developer.

Please read the rest of the story at the Openpacket.org Blog.

Monday, July 17, 2006

OpenPacket.org Update

I just posted news on OpenPacket.org at the OpenPacket Blog. I made an initial announcement about OpenPacket last year. In short, this project is going nowhere unless I get some help with development or financing, due to my lack of Web development skill and time. I appreciate any comments you might post on the OpenPacket Blog.

Update: Please visit the OpenPacket Blog for fresh updates. I created devel and users mailing lists, and two people have already volunteered development help. Wow!

Friday, January 27, 2006

Snort.org Posts BlackWorm Packet Captures

The folks at Sourcefire have done the analyst community a great service by posting traffic captures of CME-24, aka "BlackWorm". Kudos also to the Common Malware Enumeration project for providing an easy way to reference malware! Once OpenPacket.org gets going, I hope to host these sorts of captures there.

Update: Check out this Sourcefire VRT analysis.

Saturday, December 31, 2005

Thank You for Another Great Year

Exactly one year ago today I posted a thank-you note for the great year of blogging in 2004. A look at the 2004 statistics shows as recently as July 2004, this blog had less than 6,000 visitors per month, as tracked by Sitemeter. I have no idea how Atom, RSS, and other republishing affects those statistics. Soon after my first book was published, we broke through the 10,000 per month mark and have never looked back.

As you can see from the 2005 chart above, we're at the 22,000 per month mark now, and broke through 25,000 in August during my coverage of Ciscogate. This blog continues to be a nonpaying venture, despite offers to commercialize, syndicate and repackage the content elsewhere. Others already do this without my permission, but I thank those more responsible people who ask before posting my content elsewhere. For example, I've given the great publisher Apress blanket permission to quote anything I say here. This is my small way to say thank you for the books they've sent me to review. One of my New Year's resolutions for 2006 is to dedicate specific time early each morning (before my 1 year old daughter wakes up) to read, review, and recommend books. I managed to read and review 26 technical books in 2005, but I have a backlog of over 50 waiting for attention.


I read every book upon which I make comments at Amazon.com, unlike some others who consider a rehash of a book's back cover to be a "review." I also try to avoid bad books, so don't expect too many low-star reviews.

I have found your comments to be one of the best parts of blogging in 2005. I really appreciate hearing what you have to say, either publicly as a blog comment or privately via email. I don't have time to reply to the few of you who send me multi-page running commentaries on everything I publish or blog, but I appreciate your thoughts nevertheless.

In 2006 I plan to continue blogging about subjects which interest me, like network security monitoring, incident response, forensics, FreeBSD, and related topics. I welcome any thoughts on other issues you find pressing. If you want to see how I keep track of world security events, please visit my interests page. Those are my bookmarks; I avoid browser bookmarks whenever possible.

In 2006 I also plan to devote time and resources to OpenPacket.org. Many of you have offered some form of support. As that project develops I will request assistance, either here or on the OpenPacket.org Blog. 2006 should also be a big year for TaoSecurity, my company. I am not sure if 2006 will be the year I decide to hire employees, but I am considering hiring contract help for some in-house coding projects. These projects would support the company's consulting, incident response, and forensics services. Should anything be of use to the wider community, it will appear on the TaoSecurity products page. If you would be interested in working for TaoSecurity, please feel free to send me your resume in .pdf format to richard at taosecurity dot com. I am always interested in meeting security practitioners who can administer systems properly, perform network- and host-centric incident response and forensics, write security tools, speak and publish original material, and seek to save the world one packet at a time.

I have ideas for additional, specialized training courses for 2006. At the moment demand for private 4-day Network Security Operations classes has been strong. I am working with a few different customers to support specialized training outside the core NSO focus. Some of those endeavors may be offered to the public. I will also submit proposals to speak at a few more USENIX conferences, which are public opportunities for training in network security monitoring. I post word of any place I intend to speak at my events list.

I do not have any new books scheduled for writing in 2006. Having authored or co-authored three books in three years, I expect to take a break. I have ideas for more articles like the one in Information Security Magazine. I should have an article in the February 2006 Sys Admin Magazine on keeping FreeBSD up-to-date.

My family and I wish all of you a prosperous 2006!

Monday, December 12, 2005

Marcus Sachs in SC Magazine

I was pleased to hear what Marcus Sachs is working on, courtesy of an interview by Illena Armstrong and Marcia Savage in this month's SC Magazine. I first met Marcus when I was an Air Force captain at the AFCERT and he was an Army Major at the JTF-CND.

Marcus mentioned a project that caught my attention:

"We're also building a database of large data sets collected from the internet. The intent is to help researchers who might be working on a new security device.

Rather than trying to connect to their own networks and pull live data in from their university network, or wherever they are doing the research, we want to provide them with real data sets that have been collected from the internet, but properly sanitized and anonymized...

In a technical sense, this is easy. All you have to do is hook a computer up and start recording. But you end up picking up a lot of private information. We have been working on this with lawyers, the Electronic Privacy Information Center (EPIC) and the Electronic Freedom Foundation, among others.

This is going to be remarkable because we'll be able to create anonymous data sets that actually reflect what the hostile internet looks like, but that the privacy people are OK with. Both the public and the private sector will have access to this database, but they will have to be vetted if they want to use it. If Al Qaeda wants access, we won't grant it, but if the Atlanta Police Department wants to train some cybercops, then that's cool.

SC: When will this be done?

Sachs: We're getting close. We could see this come online later this year or early next year. We're just working out the last details with the lawyers."

This sounds very interesting, and similar to OpenPacket.org. When I finally get some time to work on OpenPacket, it should be similar to Marcus' project. However, I don't intend to limit who can download the data. I plan to host network traffic in Libpcap format. I wonder if Marcus will offer the same, or more (hard drive images, like our book Real Digital Forensics, maybe).

Tuesday, August 30, 2005

Request for Help with OpenPacket.org

Earlier this month I announced work on OpenPacket.org, a free site providing quality network traffic traces to researchers, analysts, and other members of the digital security community.

We are looking for help in two areas:

  1. Open source content management systems (CMS) experience: We believe we will use a CMS to accept, moderate, and present traffic captures to users. We need help planning and deploying a CMS that will meet our needs.

  2. Open source database experience: We will use an open source database like MySQL or PostgreSQL, as compatible with the CMS we choose. We need help planning and deploying a database schema, and we will need guidance on configuring the database properly. Most of the OpenPacket.org crew has database experience as it relates to supporting intrusion detection sensors, but storing and retrieving the sorts of data we have in mind is probably outside our daily routine.


We have ideas for additional OpenPacket.org functionality, but providing ways to accept, moderate, and present traces in Libpcap format is the primary goal of our first version of OpenPacket.org.

If you are interested in helping with either subject, please email richard at taosecurity dot com.

If you have any comments, as always they are welcome here. Thank you.

Wednesday, August 10, 2005

OpenPacket.org Initial Announcement


I would like to announce that I am working on a project called OpenPacket.org. The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org will provide one possible solution to this problem.

Analysts looking for network traffic of a particular type will visit OpenPacket.org, query the OpenPacket.org Database for matching traces, and download those packets in their original format (e.g., Libpcap, etc.). The analyst will be able to process and analyze that traffic using tools of their choice, like Tcpdump, Snort, Ethereal, and so on.

Analysts who collect their own traffic will be able to submit it to the OpenPacket.org database, assuming it is suitable for public review and meets guidelines to be announced later.

I am currently working with some friends and colleagues on this project. We hope to have OpenPacket.org up and running before the end of the year. At present the OpenPacket.org domain name is "parked," and soon it will simply forward to this blog entry. As we enter Alpha and then Beta status, more will be available through that domain name.

Monday, July 25, 2005

1000th Post


This is the 1000th TaoSecurity Blog post. Thankfully, after being broken for months, Blogger fixed the post tracking counter in time for me to notice this milestone.

I started the blog on 8 January 2003 as a place to post word of new Amazon.com book reviews. I haven't read a new book since May, because I have been extremely busy launching my new company TaoSecurity. I plan to resume reading books very shortly, probably starting with Extreme Exploits.

The blog has now evolved into a place where I record tips on using FreeBSD and other operating systems and applications. I also post thoughts on network security monitoring and related security topics. I constantly refer back to posts here to remember how I configured a program or what my thoughts were on a certain subject. I detest keeping bookmarks, so I try to store anything of value here. A bookmark has no context and says nothing about how or why I recorded it. In brief, this blog helps me keep a grip on developments in the tech world.

Looking ahead, I have two new projects in store: the TaoSecurity Podcast and a resource I'm calling OpenPacket.org. You can expect to read more about these in the fourth quarter of this year. I appreciate everyone who reads this blog and I especially enjoy reading your comments and emails. Our next milestone is the blog's third birthday in January, so I hope to see you then!