Wednesday, December 19, 2007
Teaching Bro at RWTH Aachen, Germany
For the past two weeks, Robin and I have been visiting former ICSI scholar Klaus Wehrle's Distributed Systems Group at RWTH Aachen, Germany. Robin and I lectured on the state of the art in network monitoring and intrusion detection, traffic analysis tools, and introduced the students to the Bro IDS. Following the success of the 2007 Bro Workshop at the San Diego Supercomputing Center, we held a slightly reduced version of the workshop in form of a two-day student lab, in which the students had to solve progressively more difficult network monitoring tasks. Assignments ranged from simple tuning of Bro's default alarm and notice policies to a customizable and persistent database of services running on the monitored network's hosts. After two days, the students were able to implement the latter in less than 100 lines of Bro code, here demonstrated by student Johannes Laudenberg: It was great fun to visit the group and spread the word on Bro. Robin and I were pleased to see that foosball skills are strong at RWTH, seriously good Sauerbraten is available at walking distance from the lab, and the Glühwein at the gorgeous Christmas market is delicious. Many thanks Klaus for the invitation!