Re: [SLUG] IDS presentation?

From: Derek Glidden (dglidden@illusionary.com)
Date: Thu Feb 27 2003 - 18:40:31 EST


On Thu, 2003-02-27 at 18:31, Paul M Foster wrote:
> On Thu, Feb 27, 2003 at 11:25:14AM -0500, Derek Glidden wrote:
>
> >
> > Ok, I have a couple responses that people would be interested in seeing
> > a presentation on IDS systems like Snort and Integrit.
> >
> > Anyone else?
> >
> > I'd like to know it'll be well-received before I put too much effort
> > into it. It will almost certainly be at a Tampa meeting, since those
> > are the easiest for me to get to. If there's enough interest, and no
> > schedule conflicts (i.e. something else is already scheduled), I could
> > probably have something ready by the March meeting.
>
> Nothing else is scheduled. I'd be interested. But let me know ASAP if
> you intend to do this, so I can promote it.

Yeah, it seems like enough people are interested, I'll get started
working on it.

Like I said in my last message though, I want to make sure people
understand I want to talk about IDS systems, not how to exploit boxes.
Different sides of the same thing; one is interesting technology, one is
skript kiddie stuff.

I'll specifically focus on Snort (Network Intrusion Detection) and
Integrit (Filesystem Intrusion Detection) since those are the two with
which I'm most familiar.

Possibility of a projector is .. ??

-- 
http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ http://www.eff.org/ http://www.anti-dmca.org/


