Bro Workshop 2009, the 2nd.

Update: See the workshop's web page for more information.

The Bro team and the Lawrence Berkeley National Lab are pleased to announce a further "Bro Workshop", a 2.5-day Bro training event that will take place in Berkeley, CA, on October 13-15, 2009.

The workshop is primarily targeted at site security personnel wishing to learn more about how Bro works, how to use its scripting language and how to generally customize the system based on a site's local policy.

Similar to previous workshops, the agenda will be an informal mix of tutorial-style presentations and hands-on lab sessions. No prior knowledge about using Bro is assumed though attendees should be familiar with Unix shell usage as well as with typical networking tools like tcpdump and Wireshark.

All participants are expected to bring a Unix-based (Linux, Mac OS X, FreeBSD) laptop with a working Bro configuration. We will provide sample trace files to work with.

This workshop will again be hosted by the Lawrence Berkeley National Lab, and it will be located at the Hotel Durant in Berkeley. We will soon provide a web site with more detailed registration and location information. To facilitate a productive lab environment, the number of attendees will be limited to 30 people. A registration fee of $125 will be charged.

Introducing the ICSI Netalyzr

Today we're very happy to announce public availability of the ICSI Netalyzr. Our goal was to build a service that shows you in detail what's up with your network connection, whatever network you might find yourself in, whenever something's not working, or when you're simply curious. The numerous tests conducted by the Netalyzr include HTTP proxy discovery, HTTP caching behavior, NAT detection, TCP & UDP port filtering, DNS resolver behavior, IPv6 connectivity, connection latency, bandwidth, and buffer properties, and more.

All you need is a Java-enabled browser and a visit to http://netalyzr.icsi.berkeley.edu.

We hope you'll find the site as useful as we do. We're very keen to hear your feedback, whether it's interesting results, suggestions for improvements, or any issues you've encountered.

Go forth and netalyze!

LEET'09 paper on orchestration of spamming campaigns

At yesterday's LEET'09 workshop we presented an inside look at how spammers orchestrate their campaigns, based on a 10-month infiltration of the Storm botnet.

• C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamcraft: An Inside Look At Spam Campaign Orchestration. Second USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET '09), 2009, Boston, USA. (bib)

This is joint work with UCSD as part of our CCIED effort.

User-Oriented Networking Talk at FIND PI Meeting

Slides from a talk at the NSF FIND PI meeting last week:

• Mark Allman, Michael Rabinovich, Nicholas Weaver. User-Oriented Networking. NSF FIND PI Meeting, April 2009.

New Paper on Efficient Application Placement in Large WWW Apps

The following paper is about techniques for aiding systems that swap large applications in and out of use (e.g., generic platforms for web applications). It will be presented at WWW this month:

• Zakaria Al-Qudah, Hussein Alzoubi, Mark Allman, Michael Rabinovich, Vincenzo Liberatore. Efficient Application Placement in a Dynamic Hosting Platform, International World Wide Web Conference, April 2009.

New Paper on Ephemeral Port Selection

The following paper on the efficacy of various ways to generate obscure ephemeral ports appears this month:

• Mark Allman. Comments On Selecting Ephemeral Ports, ACM Computer Communication Review, April 2009.

Summer Internship Applications Now Being Accepted

The Networking Group is now accepting applications for Summer 2009 internships. Applicants should be Ph.D. students with a solid background in networking and/or security. To apply, send a resume to summer@icir.org, and arrange for a letter of reference to be sent to that address too. The deadline is Monday, March 2nd, 2009.