Tuesday, April 22, 2008

Should PCs Grapple With Ethics?

Last week at the USENIX WOWCS workshop the following paper was presented:

Tuesday, April 15, 2008

LEET'08 paper on botnet-based spam campaign infiltration

At today's LEET'08 workshop we presented a detailed analysis of the internal workings of a large-scale spamming operation, namely the one orchestrated using the Storm botnet.
  • C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. On the Spam Campaign Trail. First USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '08), 2008, San Francisco, USA.
This is joint work with UCSD as part of our CCIED effort.

Tuesday, April 8, 2008

An Interactive Shell For Operating Bro Setups

For the Bro Cluster, we are developing an interactive shell to facilitate easy operation of such multi-system setups. The shell provides a customizable framework for all the common tasks involved in maintaining a Bro setup, such as configuration & installation, log rotation & archival, mail notifications, profiling, etc.

While we originally intended the shell to be used with clusters, it seems only natural to provide the same functionality for traditional, single-system Bro setups as well. Consequently, we added a standalone mode to the shell, and the freshly updated shell documentation explains how to set this up.

Be careful, though: this is still under development and requires an unstable development version of Bro. Things are still in flux and the shell is not suitable for production use at this time. If, however, the standalone mode turns out to work well, it might at some point replace Bro's current BroLite run-time framework, which is no longer maintained.

Wednesday, April 2, 2008

Note About Peer Review

A new short note on refereeing appears in the editorial zone of the April issue of CCR:
  • Mark Allman. Thoughts on Reviewing. ACM Computer Communication Review, Editorial Contribution, 38(2), April 2008.
Comments welcome!

ICSI's CyberTrust Poster

Our poster from the CyberTrust PI Meeting is online. It acts as a very high-level summary of four of our current focuses: understanding the underground economy, developing situational awareness across time and space, parallelizing intrusion detection, and web tripwires.