Thursday, December 18, 2008

New Project: Relationship Oriented Networking

In January we will begin a new project that considers a "Relationship Oriented Network". That is, an architecture that utilizes social graphs across protocols and services to provide users with more convenient and trustworthy communication. A description of the project is available. This project is joint work with Case Western Reserve University. Thoughts on such topics are very much welcome.

Draft Paper on Port Randomization

One technique proposed to mitigate the problems blind attackers can cause by injecting traffic into some connection is to carefully choose the transport layer ephemeral port number. This makes it difficult for an attacker to spoof traffic to some valid endpoint and have that traffic acted upon. A number of port selection schemes have been developed. We add to this list and evaluate the known techniques in the following draft paper. Comments welcome.


Mark Allman. Comments On Selecting Ephemeral Ports, December 2008.

Monday, December 8, 2008

Bro Issue Tracker

The Bro team is happy to announce the new Bro Issue Tracker. Feel free to submit your favorite bug there (and the other one too!)

Bro Workshop 2009

Update: The workshop has a home page now.

Update: The workshop has filled up already but we have set up a waiting list in case space becomes available.

The Bro team and the Lawrence Berkeley National Lab are pleased to announce the "Bro Workshop 2009", a 2.5-day Bro training event that will take place in Berkeley, CA, on Feb 10-12 2009.

The workshop is primarily targeted at site security personnel wishing to learn more about how Bro works, how to use its scripting language and how to generally customize the system based on a site's local policy.

Similar to the 2007 workshop, the agenda will be an informal mix of tutorial-style presentations and hands-on lab sessions. No prior knowledge about using Bro is assumed though attendees should be familiar with Unix shell usage as well as with typical networking tools like tcpdump and Wireshark.

All participants are expected to bring a Unix-based (Linux, Mac OS X, FreeBSD) laptop with a working Bro configuration. We will provide sample trace files to work with.

The 2009 workshop will be hosted by the Lawrence Berkeley National Lab. The registration is now now open. We will soon provide a web site with more detailed location information. To facilitate a productive lab environment, the number of attendees will be limited to 30 people. A nominal registration fee of $50 will be charged.

We also expect to have time for 2-3 case-study presentations from people using Bro in their environments. If you have something interesting to talk about, please contact Robin via mail.