Wednesday, March 11, 2009

openpacket.org

I recently took over managing and maintaining OpenPacket.org from Richard of TaoSecurity. I would like to extend my thanks to Richard for his time and efforts in getting OpenPacket.org off the ground.

The mission of OpenPacket.org is to provide quality network traffic traces to researchers, analysts, and other members of the digital security community. One of the most difficult problems facing researchers, analysts, and others is understanding traffic carried by networks. At present there is no central repository of traces from which a student of network traffic could draw samples. OpenPacket.org provides one possible solution to this problem.

Analysts looking for network traffic of a particular type can visit OpenPacket.org, query the OpenPacket.org capture repository for matching traces, and download those packets in their original format (e.g., Libpcap). The analyst can then process and analyze that traffic using the tools of their choice, such as Tcpdump, Snort, Ethereal, and so on.

Analysts who collect their own traffic will be able to submit it to the OpenPacket.org database after they register.

Anonymous users can download any trace that has been published. Only registered users can upload. This provides a level of accountability for trace uploads.

Our moderators will review each trace to ensure it does not contain sensitive information that should not be posted publicly. Besides appearing on the site, a trace that has been published is also announced via the published-trace RSS feed.

If you have any doubt regarding the publication of a trace, do not try to submit it. When moderators are unsure of the nature of a trace, we will reject it. OpenPacket.org is not a vehicle for publishing enterprise data as contained in network traffic.

In the upcoming months you will see significant changes and improvements to the OpenPacket.org site. Many of these are the result of user suggestions and feedback, so please keep it coming and stay tuned as updates are released!

JJC

Thursday, January 15, 2009

New IDS/IPS technologies

Recently, while perusing the intertubes, I ran across a new IDS/IPS technology, PHPIDS (http://www.php-ids.org). This is an interesting and simple concept that can add an additional layer of security to your web application(s). That being said, I am not sure that I would run it solely, but I will be testing it over the week and posting the results subsequently.

Thursday, November 27, 2008

HeX 2.0 USB RC1 (4G)

Happy Thanksgiving! My gift to you: HeX 2.0 LiveUSB RC1 (the 4G version).

Yes, I know, I can hardly believe what I am typing! I finally got it finished and uploaded. As noted above, this is the 4G version. I am working on a 2G version, but it might not be squeezable into that small a space, so more to come! This 4G version has a decent amount of workable space so that you can store items, etc.

You can obtain the image from the following US site; I will be publishing it to the main site and the full mirror list shortly.

Also, remember that to write the image you simply dd it to the thumb drive itself (not a partition/slice/etc.). For example, on OS X, if the USB device you want to write to is the only one connected: "dd bs=2048 if=/path/to/hex-i386-2.0-USB-4G.img.gz of=/dev/rdisk1" (you may need to run it under sudo).

Note that this is a 1.4G file. I will also be publishing it to the Security Torrent Depot shortly!

http://us.rawpacket.org/image/hex-i386-2.0-USB-4G.img.gz
http://us.rawpacket.org/image/hex-i386-2.0-USB-4G.img.gz.md5
http://us.rawpacket.org/image/hex-i386-2.0-USB-4G.img.gz.sha256
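Since an .md5 and a .sha256 file are published alongside the image, it is worth checking the download against the stronger SHA-256 digest before dd'ing it to a device. The script below is an added example, not part of the original post or the HeX project: it verifies the image against its .sha256 file and refuses to build the dd command unless the checksum matches and the target looks like a whole raw device rather than a partition. It assumes the .sha256 file uses the common "<hex digest>  <filename>" layout, uses the same dd invocation as the post, and prints the write command as a dry run rather than executing it.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded HeX image
# against its published .sha256 file before writing it to a USB stick.
# Assumptions: the .sha256 file is "<hex digest>  <filename>" on its first line,
# and the operator supplies the whole-device path (e.g. /dev/rdisk1) explicitly.

# Print the SHA-256 digest of a file using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_image IMAGE CHECKSUM_FILE
# Returns 0 when the computed digest equals the published one, 1 otherwise.
verify_image() {
    expected=$(awk 'NR==1 {print tolower($1)}' "$2")
    actual=$(sha256_of "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# write_image IMAGE DEVICE
# Emits the dd command from the post (as a dry run) only if DEVICE names a whole
# raw disk. Partitions such as /dev/rdisk1s1 or /dev/sda1 are rejected, because
# the image must be written to the device itself.
write_image() {
    image=$1
    device=$2
    case "$device" in
        /dev/rdisk[0-9]|/dev/rdisk[0-9][0-9]|/dev/sd[a-z]|/dev/da[0-9]) ;;
        *) echo "refusing: $device does not look like a whole raw device" >&2
           return 1 ;;
    esac
    # Dry run: print the command so the operator can confirm the device first.
    echo "sudo dd bs=2048 if=$image of=$device"
}

# Usage: sh verify-and-write.sh IMAGE IMAGE.sha256 DEVICE
if [ "$#" -ge 3 ]; then
    if verify_image "$1" "$2"; then
        echo "checksum OK"
        write_image "$1" "$3"
    else
        echo "checksum MISMATCH, not writing" >&2
        exit 1
    fi
fi
```

When the digest does not match, the script exits before any device is touched; a mismatched download is exactly the case where blindly running dd would leave you with an unbootable (or worse, tampered) stick.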

Cheers,
JJC

Monday, October 6, 2008

HeX 2.0R Released!

After much ado, HeX 2.0R is out. The improvements are numerous and include:

1. FreeBSD 7 Stable
2. Unionfs
3. NSM Console updates
4. Tons of analysis aliases and scripts
5. Tons of NSM tools' signatures
6. Firefox - useful website bookmarks
7. Liferea - security RSS feeds


For more info: http://us.rawpacket.org

Thanks to the rest of the HeX team for their diligent and hard work on this. More to come!

J

Tuesday, September 16, 2008

Slack @$$?

I apologize for my seemingly slack-***edness of late. I have been extraordinarily busy performing some work for a new security firm and thus unavailable to post here. I do have quite a bit of material that I will be posting in the upcoming weeks and months, so stay tuned; things are about to get exciting :-).

Also, as a side note, please pay close attention to the openpacket.org site, as we will be making some major changes shortly.

Cheers,
JJC