Wednesday, December 19, 2007

Teaching Bro at RWTH Aachen, Germany

For the past two weeks, Robin and I have been visiting former ICSI scholar Klaus Wehrle's Distributed Systems Group at RWTH Aachen, Germany. Robin and I lectured on the state of the art in network monitoring and intrusion detection, traffic analysis tools, and introduced the students to the Bro IDS. Following the success of the 2007 Bro Workshop at the San Diego Supercomputing Center, we held a slightly reduced version of the workshop in the form of a two-day student lab, in which the students had to solve progressively more difficult network monitoring tasks. Assignments ranged from simple tuning of Bro's default alarm and notice policies to a customizable and persistent database of services running on the monitored network's hosts. After two days, the students were able to implement the latter in less than 100 lines of Bro code, here demonstrated by student Johannes Laudenberg.

It was great fun to visit the group and spread the word on Bro. Robin and I were pleased to see that foosball skills are strong at RWTH, seriously good Sauerbraten is available within walking distance of the lab, and the Glühwein at the gorgeous Christmas market is delicious. Many thanks, Klaus, for the invitation!

Wednesday, December 5, 2007

Robin's Development Branch

As mentioned earlier, we can now also provide access to the developer branches in the Bro repository. The first one is my primary work branch, into which I usually commit my changes before they get merged into trunk. This includes new features as well as bugfixes, both from me and code merged in from other contributors. To check out a copy of my branch, do
svn checkout http://svn.icir.org/bro/branches/robin/work
See CHANGES.features for a list of all changes compared to trunk. Among other things, the branch contains experimental code for
  • the Bro Cluster framework
  • NetFlow support (by Bernhard Ager; will be in trunk real soon now)
  • a preliminary BitTorrent analyzer (by Nadi Sarrar and Bernhard Ager; note that this is not the latest version)
  • an XML analyzer (by Tobias Kiesling)
  • Python bindings for Broccoli
  • restructured logic for taking drop decisions via Bro's notice framework (by Brian Tierney and me)
  • a test suite for Bro's communication & serialization subsystems
  • various tweaks and bugfixes
Expect to see some information about these and other new features in upcoming postings on this blog.

Monday, December 3, 2007

Posters on Architectural Work

We have been thinking about several areas of network architecture. At last week's NSF FIND PI meeting we presented two posters on some of this work.

The first poster is about finding the right network architecture to enable effective network troubleshooting. The poster is here.

The second poster deals with trying to find the right architectural elements and abstractions to enable end-hosts to retain their network standing while powering down to conserve energy. Check the poster here. (Also, you can look at the previously mentioned HotNets paper on this topic, which is available here.)

Comments on either of these efforts would be appreciated.

Bro's Subversion Repository

We are happy to announce public access to the Bro Subversion repository. As our usual release cycle for new Bro versions tends to be rather long, this will allow the Bro community to benefit more quickly from improvements made to the system. From now on, we will provide public read-only access to two important subparts of the repository (we cannot open all of the repository as it also contains some local data):
  • The trunk. The trunk is the main development head from which the releases are made on a regular basis. The trunk tends to be pretty stable, and all changes are required to pass a regression suite to ensure that they do not break existing functionality. Still, the trunk is considered experimental and not suitable for critical deployments. Here's how you get a copy of the current trunk:
    svn checkout http://svn.icir.org/bro/trunk/bro
    As usual, see CHANGES for the news. There is also an RSS feed of the commits to the trunk at http://www.icir.org/svn-feeds/bro-trunk.rss
  • Development branches. In our development model, most work is first done in separate branches until it is eventually considered sufficiently stable to be merged into the trunk. Typically, each Bro developer works on his own development branch (or even several of them). While we do not generally open up all branches, we will soon provide access to a subset of them (determined by the branch owners) so that interested people can try new stuff as quickly as possible. Note, however, that these branches are really unstable; things may break without warning. If something doesn't work as expected, feel free to contact the maintainer of the branch, but don't necessarily expect an immediate fix ... Watch this blog for announcements of development branches.
We hope that access to the repository will provide Bro users with a better picture of the system's progress between releases. We will use this blog to introduce some of the features as they are added. At the same time, the public repository should make it easier to contribute patches back into the Bro development.