Daniel Hamburg | 4 Dec 11:49 2006

Counterstorm Correlation engine

Hey everybody,

I would like to know if there are some publicly available information 
about the correlation algorithms used by the Counterstorm (formerly 
Antura) IDS. The white papers found so far just indicate that the patent 
for it is pending, but not if the algorithms are worth a deeper look. ;-)

Greets,
  Daniel

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Landon Lewis | 4 Dec 19:00 2006

Re: Counterstorm Correlation engine

Daniel-

This might help you.

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=Antura&OS=Antura&RS=Antura

This is the patent application (patent pending) submitted on Nov  
17th, 2005. It looks to contain a lot of invention specifics of their  
technology. Inventors have one year from that to issue the (real)  
patent. I didn't search the issued database or try any other search  
terms besides "Antura".

Regards,

Landon

On Dec 4, 2006, at 5:49 AM, Daniel Hamburg wrote:

> Hey everybody,
>
> I would like to know if there are some publicly available  
> information about the correlation algorithms used by the  
> Counterstorm (formerly Antura) IDS. The white papers found so far  
> just indicate that the patent for it is pending, but not if the  
> algorithms are worth a deeper look. ;-)
>
> Greets,
>  Daniel

Sharkey | 9 Dec 03:56 2006

Call For Papers: SecurityOPUS 2007

Call for Papers

Security OPUS - Call for Papers
March 19-20, 2006.
San Francisco, California. USA
http://www.securityopus.com/papers.php

Security OPUS is an annual meeting of professional security
researchers and information security practitioners. The conference is a
single track series of presentations designed to focus on new
research/advances in the field. We are looking to ensure each talk
contains relevant and current research and/or addresses today's
issues. One-hour and extended presentation sessions provide
attendees with a significant advantage by keeping them informed about
current and future challenges.

Submit to 'contact -at- securityOPUS - com

Step 1.
Submit abstract by JANUARY 30th 2007.
Talk abstracts should be in plain text and contain:
- Presenter name and contact info (e-mail, postal address, phone, fax).
- Brief biography, list of publications, employer or relevant associations.
- Talk title and summary

The review committee assesses the relevance of your abstract to the
conference, your qualifications to be presenting your proposed topic,
and your rationale.

Step 2.

Michael Rash | 11 Dec 18:40 2006

Re: Log Visualization Portal - secviz.org

Thanks for creating secviz.org.  I have added a link to a parser for
Netfilter/iptables rules called "nf2csv" that is distributed with the
latest release of psad.  I have also uploaded a couple of graphs that
were generated from parsing the iptables logs that are distributed with
the Honeynet scan challenge (#34).

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

On Nov 27, 2006, Raffael Marty wrote:

> I launched a new portal that deals with visualization of log files:
> 
> http://secviz.org/
> 
> The portal can only survive if people - you - take an active part in
> contributing content.
> 
> There are multiple resources available where community input is most
> welcome:
> 
> * Graph Exchange: The idea is that people can submit their graphs,
> explain why they think the graphs are useful, and how they generated
> them.
> * Parser Exchange: To generate graphs, you need to parse your data. This
> is a place where you can submit your parsers.
> * Links: A whole bunch of links around data analysis and visualization.
> * Discussions: A free forum where you can start discussions around the


Survey on IDS !

Hi folks,

We are researching the basics of IDS.
I hope you can find some time to help us answer the following survey:

1. In your opinion, which is the best IDS?

2. Why is it the best IDS?

3. What's your opinion about SNORT?

4. What is the future of IDS?

Thanks a lot !!!

-- 
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí

Public key at http://www.honeynet.org.mx
Public key at http://ardilla.zapto.org

Ask Google Earth where I am:
http://ardilla.zapto.org/ubicaHugo.kml

-------------------------------------------
Education is what remains after one has forgotten
what one learned in school.
		Albert Einstein
-------------------------------------------

kassem.nasser | 10 Dec 20:32 2006

Evasion schemes or techniques

Dear all,
I am interested in knowing which evasion schemes for application-based invasions are available,
and I would appreciate it if you could guide me to some papers or links where I can find such information, and where to
look for answers about evasion techniques.
Many thanks,
Divider


Michael Rash | 11 Dec 07:31 2006

psad-2.0 release

psad is an iptables log analysis tool, and the psad-2.0 release is now
available:

    http://www.cipherdyne.org/psad/

This release will be discussed in my upcoming book "Linux Firewalls:
Attack Detection and Response":  http://www.nostarch.com/firewalls.htm

Here are some of the highlights:

- Completely re-factored Snort rule matching capability.  The Snort
  keywords ttl, id, seq, ack, window, icmp_id, icmp_seq, itype, icode,
  ipopts, and sameip are now supported directly through Netfilter log
  messages.

- Signature updates are now published on cipherdyne.org at the link
  below, and psad can download these signatures and put them in place
  within the filesystem with the new --sig-update command line argument.

    http://www.cipherdyne.org/psad/signatures

- Added the ability to parse Netfilter logs and generate CSV formatted
  output.  This is useful for visualizing Netfilter data with AfterGlow
  (http://afterglow.sourceforge.net).  I have used the --CSV mode along
  with AfterGlow to graphically represent two of the Honeynet scan
  challenges (#30 and #34) that include Netfilter log data:

    http://www.cipherdyne.org/psad/honeynet/scan30/
    http://www.cipherdyne.org/psad/honeynet/scan34/

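The Netfilter-log-to-CSV step that the --CSV mode above (and the nf2csv parser mentioned in the secviz reply earlier on this page) performs, as an added example written for this page and not psad's own code: it parses constructed iptables LOG lines, keeps the second ID= that Netfilter prints after PROTO=ICMP separate from the IP header ID=, and emits the three-column source,event,target CSV that AfterGlow reads. The field names ICMP_ID and FLAGS and the event labels are this example's own choices, not psad's.

```python
import csv
import io

# Constructed sample iptables LOG lines (not taken from the page or from psad).
# Netfilter prints a second ID= (the ICMP header id) after PROTO=ICMP.
SAMPLE_LOG = """\
Dec 11 07:31:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=31337 DF PROTO=TCP SPT=40211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 11 07:31:03 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=31338 DF PROTO=TCP SPT=40212 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 11 07:31:05 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Dec 11 07:31:06 fw kernel: eth0: link is up
"""
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # bare tokens, not key=value

def parse_netfilter_line(line):
    """Return the key=value fields of one Netfilter LOG line as a dict, or None."""
    if "IN=" not in line or "PROTO=" not in line:
        return None  # not a packet log line (kernel chatter, other daemons)
    fields, flags, after_proto = {}, [], False
    for tok in line.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            if key == "ID" and after_proto:
                key = "ICMP_ID"  # keep the ICMP id distinct from the IP header id
            fields[key] = val
            after_proto = after_proto or key == "PROTO"
        elif tok in TCP_FLAGS:
            flags.append(tok)
    fields["FLAGS"] = " ".join(flags)  # e.g. "SYN" for a connection attempt
    return fields

def to_afterglow_rows(log_text):
    """Build AfterGlow-style (source, event, target) rows from Netfilter log text."""
    rows = []
    for line in log_text.splitlines():
        f = parse_netfilter_line(line)
        if f is None:
            continue
        if f.get("PROTO") == "ICMP":
            event = "icmp/type%s" % f.get("TYPE", "?")
        else:
            event = "%s/%s" % (f.get("PROTO", "?").lower(), f.get("DPT", "?"))
        rows.append((f["SRC"], event, f["DST"]))
    return rows

def to_csv(rows):
    """Serialise rows as the comma-separated text AfterGlow reads on stdin."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()
```

Piping `to_csv(to_afterglow_rows(SAMPLE_LOG))` into afterglow.pl gives one source-to-target edge per logged packet, labelled with protocol and destination port.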
