Well, it has barely been any length of time and there’s already a new release of NSM-Console; there are so many features that I’ve been coding like crazy to get them all done. First, let’s start with the downloading: http://writequit.org/projects/nsm-console/files/nsm-console-0.4.tar.gz And, for anyone interested, here’s a rundown of the most notable new features: Additional encoding/decoding […]
Yep, I’ve just been cranking out code lately, so I am proud to present the 0.3 release of nsm-console! You can download NSM-Console here: http://writequit.org/projects/nsm-console/files/nsm-console-0.3.tar.gz This release was focused a bit more on usability, features and bugfixes rather than the addition of new modules, however, there were still a couple that were added. Since this […]
A week or so ago I wrote about locality of reference in regards to network security. I found some *actual* research done on the topic and wanted to share it: http://www.cert.org/netsa/publications/Nspw2003-gates-locality.pdf I’m still in eager anticipation of the first tool to use locality for malicious activity assessment.
I found out there is internet here, so I’m finally able to post some code changes I was working on while on the airplane. Firstly, download the files here. The static page for nsm-console is here. I finally got around to releasing the next version of the nsm-console. This version incorporates a large amount of […]
I’ve been kicking this idea around in my head for the last couple of days, trying to decide what to write… Return with me, for a moment, back to the computational hardware class you took in college (if you did take one, don’t worry if you didn’t). Do you remember discussing program/memory flow? How about […]
Have you ever been looking through your pcap files (or live captures) and wondered where all the traffic was coming from (or going to)? I have! Well, I’ve written a small (< 150 lines) script to aggregate all of the packet source addresses into a neatly separated CSV (comma-separated values) file. It includes <ip address>,<country>,<city […]
Yep, that’s right, I’m going to be helping out with the Hex LiveCD project. I will hopefully be doing some development for some of the NSM tools and fixing bugs in the CD. In case you don’t know what Hex is, let me give you a little synopsis (from the Trac): “HeX LiveCD is a […]
I want to point out the excellent baseline firewall rules posted by rmogull over on his blog. Check them out if you’re looking for a starting point for ipfw rules on OSX. Thanks rmogull!