NYC*BUG Meetings and EventsFeeds: [RSS]
RP Counterattack and Net Sensor, Boris Kochergin
(Audio generously recorded and processed by Nikolai Fetissov)
Boris will be speaking on two networking topics.
RP Counterattack (will include a demo!):
Monitors traffic on any number of Ethernet interfaces and examines ARP replies and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP request that is in conflict with its notion of "correct" Ethernet/IP address pairs, it logs the attack if logging is enabled, and, if the Ethernet interface that the attack was seen on is configured as being in aggressive mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables of hosts on the local network segment. The corrective gratuitous ARP request and corrective gratuitous ARP reply can be sent from an Ethernet interface other than the one that the attack was seen on.
Net Sensor (will include a demo!):
Aims to be a general-purpose, modular network-analysis suite for use in research, diagnostics, forensics, and statistics-gathering. It monitors traffic on an Ethernet interface, performs some pre-processing on it--such as figuring out where a packet`s payload begins--and passes it along to any number of modules. A module is an ELF shared object which may maintain state, write data out to disk using the Berkeley DB-backed Writer library, or send e-mail using the SMTP library. In addition to processing packets from the network, a module can also accept input from any number of other modules. Current modules include an HTTP session-keeping module, an HTTP session-logging module, and a BitTorrent-detection module.
Boris Kochergin is currently a system administrator and programmer at New York Internet. He was a network and system administrator at NYU-Poly`s business incubator at 160 Varick Street (consulting), network and system administrator at EmPower Solar (consulting), network and system administrator at Ecological, LLC (consulting), and programmer for the Long Island Solar Energy Industries Association (consulting).