headers
Daniel Hamburg | 4 Dec 2006 11:49
Picon

Counterstorm Correlation engine

Hey everybody,

I would like to know if there are some publicly available information 
about the correlation algorithms used by the Counterstorm (formerly 
Antura) IDS. The white papers found so far just indicate that the patent 
for it is pending, but not if the algorithms are worth a deeper look. ;-)

Greets,
  Daniel

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------
Permalink | Reply | 1 comment |
headers
Landon Lewis | 4 Dec 2006 19:00

Re: Counterstorm Correlation engine

Daniel-

This might help you.

http://appft1.uspto.gov/netacgi/nph-Parser? 
Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch- 
bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=Antura&OS=Antura&RS=Antura

This is the patent application (patent pending) submitted on Nov  
17th, 2005. It looks to contain a lot of invention specifics of their  
technology. Inventors have one year from that to issue the (real)  
patent. I didn't search the issued database or try any other search  
terms besides "Antura".

Regards,

Landon

On Dec 4, 2006, at 5:49 AM, Daniel Hamburg wrote:

> Hey everybody,
>
> I would like to know if there are some publicly available  
> information about the correlation algorithms used by the  
> Counterstorm (formerly Antura) IDS. The white papers found so far  
> just indicate that the patent for it is pending, but not if the  
> algorithms are worth a deeper look. ;-)
>
> Greets,
>  Daniel
(Continue reading)

Permalink | Reply | 0 comments |
headers
Sharkey | 9 Dec 2006 03:56
Picon

Call For Papers: SecurityOPUS 2007

Call for Papers

Security OPUS - Call for Papers
March 19-20, 2006.
San Francisco, California. USA
http://www.securityopus.com/papers.phphttp://www.securityopus.com/papers.php

Security OPUS is an annual meeting of professional security
researchers and information security practioners. The conference is a
single track series of presentations designed to focus on new
research/advances in the field. We are looking to ensure each talk
contains relevant and current research and/or addresses today's
issues. One-hour and extended presentation sessions, provides
attendees with a significant advantage, by being informed about
current and future challenges.

Submit to 'contact -at- securityOPUS - com

Step 1.
Submit abstract by JANUARY 30th 2007.
Talk abstracts should be in plain text and contain:
- Presenter name and contact info (e-mail, postal address, phone, fax).
- Brief biography, list of publications, employer or relevant associations.
- Talk title and summary

The review committee assesses the relevance of your abstract to the
conference, your qualifications to be presenting your proposed topic,
and your rationale.

Step 2.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Sharkey | 9 Dec 2006 03:56
Picon

Call For Papers: SecurityOPUS 2007

Call for Papers

Security OPUS - Call for Papers
March 19-20, 2006.
San Francisco, California. USA
http://www.securityopus.com/papers.phphttp://www.securityopus.com/papers.php

Security OPUS is an annual meeting of professional security
researchers and information security practioners. The conference is a
single track series of presentations designed to focus on new
research/advances in the field. We are looking to ensure each talk
contains relevant and current research and/or addresses today's
issues. One-hour and extended presentation sessions, provides
attendees with a significant advantage, by being informed about
current and future challenges.

Submit to 'contact -at- securityOPUS - com

Step 1.
Submit abstract by JANUARY 30th 2007.
Talk abstracts should be in plain text and contain:
- Presenter name and contact info (e-mail, postal address, phone, fax).
- Brief biography, list of publications, employer or relevant associations.
- Talk title and summary

The review committee assesses the relevance of your abstract to the
conference, your qualifications to be presenting your proposed topic,
and your rationale.

Step 2.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Sharkey | 9 Dec 2006 03:56
Picon

Call For Papers: SecurityOPUS 2007

Call for Papers

Security OPUS - Call for Papers
March 19-20, 2006.
San Francisco, California. USA
http://www.securityopus.com/papers.phphttp://www.securityopus.com/papers.php

Security OPUS is an annual meeting of professional security
researchers and information security practioners. The conference is a
single track series of presentations designed to focus on new
research/advances in the field. We are looking to ensure each talk
contains relevant and current research and/or addresses today's
issues. One-hour and extended presentation sessions, provides
attendees with a significant advantage, by being informed about
current and future challenges.

Submit to 'contact -at- securityOPUS - com

Step 1.
Submit abstract by JANUARY 30th 2007.
Talk abstracts should be in plain text and contain:
- Presenter name and contact info (e-mail, postal address, phone, fax).
- Brief biography, list of publications, employer or relevant associations.
- Talk title and summary

The review committee assesses the relevance of your abstract to the
conference, your qualifications to be presenting your proposed topic,
and your rationale.

Step 2.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Sharkey | 9 Dec 2006 03:56
Picon

Call For Papers: SecurityOPUS 2007

Call for Papers

Security OPUS - Call for Papers
March 19-20, 2006.
San Francisco, California. USA
http://www.securityopus.com/papers.phphttp://www.securityopus.com/papers.php

Security OPUS is an annual meeting of professional security
researchers and information security practioners. The conference is a
single track series of presentations designed to focus on new
research/advances in the field. We are looking to ensure each talk
contains relevant and current research and/or addresses today's
issues. One-hour and extended presentation sessions, provides
attendees with a significant advantage, by being informed about
current and future challenges.

Submit to 'contact -at- securityOPUS - com

Step 1.
Submit abstract by JANUARY 30th 2007.
Talk abstracts should be in plain text and contain:
- Presenter name and contact info (e-mail, postal address, phone, fax).
- Brief biography, list of publications, employer or relevant associations.
- Talk title and summary

The review committee assesses the relevance of your abstract to the
conference, your qualifications to be presenting your proposed topic,
and your rationale.

Step 2.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Michael Rash | 11 Dec 2006 18:40
Favicon

Re: Log Visualization Portal - secviz.org

Thanks for creating secviz.org.  I have added a link to a parser for
Netfilter/iptables rules called "nf2csv" that is distributed with the
latest release of psad.  I have also uploaded a couple of graphs that
were generated from parsing the iptables logs that are distributed with
the Honeynet scan challenge (#34).

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

On Nov 27, 2006, Raffael Marty wrote:

> I launched a new portal that deals with visualization of log files:
> 
> http://secviz.org/
> 
> The portal can only survive if people - you - take an active part in =
> contributing content.
> 
> There are multiple resources available where community input is most =
> welcome:
> 
> * Graph Exchange: The idea is that people can submit their graphs, =
> explain why they think the graphs are useful, and how they generated =
> them.
> * Parser Exchange: To generate graphs, you need to parse your data. This =
> is a place where you can submit your parsers.
> * Links: A whole bunch of links around data analysis and visualization.
> * Discussions: A free forum where you can start discussions around the =
(Continue reading)

Permalink | Reply | 0 comments |
headers
Hugo Francisco González Robledo | 9 Dec 2006 07:55
Picon

Survey on IDS !

Hi folks,

We are researching about basics of IDS.
I hope you can have some time to help us answer the next survey:

1. In your opinion, which is the best IDS ?

2. Why it is the best IDS?

3. What's your opinion about SNORT ?

4. Which is the future of IDS ?

Thanks a lot !!!

--

-- 
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí

Llave pública en http://www.honeynet.org.mx
Llave pública en http://ardilla.zapto.org

Preguntale a Google-Earth donde estoy :
http://ardilla.zapto.org/ubicaHugo.kml

-------------------------------------------
Educación es lo que queda después de olvidar
lo que se ha aprendido en la escuela.
		Albert Einstein
-------------------------------------------
(Continue reading)

Permalink | Reply | 1 comment |
headers
kassem.nasser | 10 Dec 2006 20:32
Picon

Evasion schemes or techniques

Dear all,
I am interested in knowing evasion schemes for application based invasions available,
and i appreciate if you can guide me to some papers or links where I can find such information, and where to
look for answers about evasion techniques,
many thanks,
Divider

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------
Permalink | Reply | 3 comments |
headers
Michael Rash | 11 Dec 2006 07:31
Favicon

psad-2.0 release

psad is an iptables log analysis tool, and the psad-2.0 release is now
available:

    http://www.cipherdyne.org/psad/

This release will be discussed in my upcoming book "Linux Firewalls:
Attack Detection and Response":  http://www.nostarch.com/firewalls.htm

Here are some of the highlights:

- Completely re-factored Snort rule matching capability.  The Snort
  keywords ttl, id, seq, ack, window, icmp_id, icmp_seq, itype, icode,
  ipopts, and sameip are now supported directly through Netfilter log
  messages.

- Signature updates are now published on cipherdyne.org at the link
  below, and psad can download these signatures and put them in place
  within the filesystem with the new --sig-update command line argument.

    http://www.cipherdyne.org/psad/signatures

- Added the ability to parse Netfilter logs and generate CSV formatted
  output.  This is useful for visualizing Netfilter data with AfterGlow
  (http://afterglow.sourceforge.net).  I have used the --CSV mode along
  with AfterGlow to graphically represent two of the Honeynet scan
  challenges (#30 and #34) that include Netfilter log data:

    http://www.cipherdyne.org/psad/honeynet/scan30/
    http://www.cipherdyne.org/psad/honeynet/scan34/
(Continue reading)

Permalink | Reply | 0 comments |

Gmane