Here at UCD, one of my fav professors, Sean Davis, uses a program called "MOSS" to do the same. It's not open-source, and will probably remain "security-through-obscurity." He said it was based on a fuzzy matching system that basically did a "diff" on all programs and ran them against each other and possibly other databases of code.
The problem is that the backbones need more inter-connects to other companies networks at a local level. For example, living in Davis, CA, my packets from my DSL connection went to Palo Alto, CA because they have to go through ISP's internal network before it reached the backbones to get to my university one block away. If there were more interconnects, there would be less congestion and fewer of these chokehold points. I don't think some fancy piece of software/hardware is going to solve anything when the problem is lack of physical connections.
e-genera has some neat dynamically reconfigurable computers that amount to a single-rack, virtualized server farm that can run a customized version of SMPed Linux or Win2k/XP.
Then if you're in a wheelchair, and can still brush your teeth, then you're not disabled?!?!?!?!?! Do you have to be a quadriplegic vegetable to be considered disabled??????????
Btw, I'm 24 and have chronic tendonitis, too much wacking I guess. ;)
Great, now we'll need a 3D overlay interface to look at all those posts in real-time. Now you'll be able to watch spam and trolls fly by you on your drive to work! So now the whole world can be /.-ed! =) LOL, do I get to moderate messages posted on my house?
Exactly... if you don't get the service manual then don't complain! I got a '78 Chev C-10 350 and an '84 Olds Delta 88 307 and I have no probs working on them because 1) they're simple, 2) I have the service manuals and 3) the parts are relatively cheap. Note that both vehicles are hand-me-downs, so don't say "I bought an EoL product," free == good. The parts are also commonly available and I have the circuit diagrams for the wiring looms. And it also helps that my dad and grandfathers were mechanics. =)
Example: my dad drilled out the venturi on the Quadrajet carb of the Chev because California models had some stupid flow-restricter that really limited performance. It still gets a whopping 13 mpg city OR highway. And what sucks is that the timing/carb is such that it will only accept premium to keep it from pinging. =( I know this ain't a car forum hehehe.
If and when I can afford a new car, I prob won't be able to hack as cheaply. But I'll be makin da bucks and I'll prob pay a mod-shop, who knows what they're doin, to do it.
Re:Demarc Console frontend for Snort, on Future Of IDS · Score: 1
C'mon, snort is very primitive, but it's very good at what it does. We really need a system that does time-domain, frequency and network-wide correlation, as well as finding the meta-patterns for attacks and sharing them w/ other network IDS. Btw, are there any RFCs for IDS data interchange?
The State of IDS, on Future Of IDS · Score: 3, Interesting
Hi, I currently work in the UC Davis sec lab (current project(s): HACQIT).
The basic problem with all IDS is in the confidence level of determining if something is an attack or just random garbage. Also, IDS have to be fast. If there's too much traffic (if you've been /.'d), you may not be able to check all attacks. Some methodologies start from the approach that deviating from a set of known safe operations is considered suspect. Other IDSes approach it from checking against a known-attack database. We're currently working on genetic algorithms and expert systems to correlate sensors and systems to detect and respond to attacks. The best approach I've seen is a complete kernel-level instrumentation of all system calls that's transparent and mostly undetectable. It would probably be DoS-able as well. The main prob is that you really gotta have another comp to offload IDS checking.
Right now, nearly all IDSes are extremely primitive and consist of nothing more than snort rules and Perl scripts that call ipchains or something.
Btw, I went to RAID 2001 this year (hosted at UCD); it was fairly interesting.
They think people will buy anything?... They're probably right.
Why don't they just merge? They know they want to. We're all going to end up working for the one company that ownz the world anyhow. ;)
"You've got spyware!"
[Insert ad here for ad-aware, LOL].
The NSA has some fun problems on its USA Mathematical Talent Search (USAMTS) page.
2^(2^(2^2 + 1) - 1) - 1 = 2^31 - 1: Mersenne prime
also check out: EVE2
It's also good for doing things such as running malicious programs in a controlled environment and as an alternative to ICEs.
unix shell gets banner-ads, film at 11. =)
John Romero... yet another paltry twit.
We'll have to go back to watching the cartoon series i guess.
127.0.0.1 ad.doubleclick.net doubleclick.net gravitydirect.net
127.0.0.1 www.gravitydirect.net www.doubleclick.net
127.0.0.1 ads.x10.com www.x10.com x10.com
...
Ever heard of Wine??? Let's see, free or $100? Btw, aren't Lindows/Wine incompatible with the whole GNU/Linux movement?!?!?!?!?
Microshit Windows 2002 Pro XP Ultra Gold, for a mainstream OS that might work for six months.
Exactly, floppies are sooo unreliable. Can't we all just go to smartcard/compactflash/(etc.) ?
We gotta bust out da l337 hax0r sk1lls and vote for Perl. ;)
must typ w/ gud hnd and use les chrs. ow
The real cause of CTS. LOL. I always could swear that I felt a fish wiggling around. ;)
All compression does is maximize bit entropy; that is, compression CANNOT occur on random data!!
Sounds like bullshit marketing of someone looking for VC funding.
Someone should sue Xerox for patenting prior art known as "short-hand."
I think this guy deserves a mod up.
FLTK -- cross-platform, C++ gui, and it works: 'nuf said.