Archive for the ‘Old Lair’ Category

Lair is Dead, long Live Lair

Thursday, August 4th, 2005

After what seems like an eternity, I can blog again. The delay was caused by a combination of a flaky hard disk on lair (resulting in a read-only mount) and a lack of time, between InfoSec Africa, the National Arts Festival, the Departmental Honours Industry visit and starting my major stretch of teaching for the year, to actually get the problem solved.

After rummaging around in one of my boxes at home I found a suitable replacement drive, and have taken the opportunity to do the OS upgrade — re-install — from 5.0 to 5.4. Other than the usual fun of making sure the same packages are installed, and minor tweaks in configuration files due to version upgrades, things went very smoothly, with the only real hiccups being wetware problems as I mounted partitions in the wrong place and had finger trouble copying things to the right directories.

In other news, progress is being made on a number of fronts:

  • Thanks to Jacot, Guy, David and Jock, I've now got a proper Darknet running and collecting some very interesting backscatter data. The next couple of weeks will focus on actually working out what exactly to do with the data, but for now everything is being logged to good old pcap files. As an aside, is anyone else seeing massive numbers of probes to 1434/udp (MS-SQL-M)? What this means is that I am actually making some kind of progress on what up until now has been a rather elusive PhD.
  • My first batch of Masters students, Russell, Dominic and Yusuf, have also started on the final slog to actually get their research and ideas down onto paper. Somewhat nervous times for me since they are my first batch, but I have full confidence in you all!
  • Two weeks to go until my op to remove the broken bits of bone in my foot. I can't wait. The weather is starting to improve, and it's getting light earlier, and I'd love to be out and about on my bike, so hopefully three weeks and I can start getting back into action.
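As an added illustration of the kind of first-pass triage those darknet pcap logs invite (this is example code written for this page, not anything from the post or the Darknet setup described): a minimal classic-pcap parser that tallies UDP destination ports, run over a constructed capture containing three 1434/udp probes. The frame and file builders exist only to produce constructed sample data; the constants and addresses in them are assumptions, not observed traffic.

```python
import struct
from collections import Counter


def build_udp_frame(dst_port: int, src_port: int = 40000) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame (RFC 5737 test addresses, dummy payload)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"      # dst MAC, src MAC, EtherType IPv4
    udp_len = 8 + 4                                      # UDP header + 4-byte payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([203, 0, 113, 9]))  # proto 17 = UDP
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + b"\x00" * 4
    return eth + ip + udp


def build_pcap(frames) -> bytes:
    """Constructed classic pcap (little-endian, v2.4, link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, incl_len, orig_len
        out.append(struct.pack("<IIII", 1123000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def udp_dst_port_counts(pcap: bytes) -> Counter:
    """Count UDP destination ports across every IPv4 frame in a classic pcap file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    counts: Counter = Counter()
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14 or frame[12:14] != b"\x08\x00":
            continue                                     # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) < ihl + 8 or ip[9] != 17:
            continue                                     # not UDP, or truncated
        counts[struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]] += 1
    return counts


# Constructed sample: three probes to 1434/udp and one to 53/udp.
SAMPLE_PCAP = build_pcap([build_udp_frame(1434)] * 3 + [build_udp_frame(53)])
```

Running `udp_dst_port_counts(SAMPLE_PCAP).most_common()` on the constructed sample puts 1434 at the top; on a real darknet capture, a sudden jump in that counter between daily files is the kind of spike the post is asking about.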

I’ve also been working on some other bits and pieces I’ll post in due course; for now it’s good to be back.

PS - For those of you that were following Planet Rhodes or Planet Security, they are now updating correctly, and regularly. I notice a couple of dead links on both, and I’ll weed them out in due course.

ISEAGE launches

Monday, May 16th, 2005

Eweek is carrying a story about the launch of the ISEAGE project (Internet-Scale Event and Attack Generation Environment) by the Information Assurance Center at Iowa State University.

This USD 500K environment aims to be able to perform a complete simulation of Internet activity using its 64 processor nodes. The stated outcomes are:

“Dedicated to creating a virtual Internet for the purpose of researching, designing, and testing cyber defense mechanisms, the proposed one-of-a-kind facility will be the catalyst for bringing together top researchers from several disciplines for a common goal of making computing safer. Unlike computer-based simulations, real attacks will be played out against real equipment.”

I really really want one :-) or at the least I think something like this could prove valuable for the model evaluation that I’m looking at for my PhD Research. What I am looking forward to on a more practical level is when they start releasing some more detailed design documents and software. We have massive computing facilities in terms of the various large undergrad and general access labs on campus — the majority of which lie completely unused over the long December break. Depending on the complexity of the setup, I would hope it would be possible to construct at least a scale replica, although a temporary one.

This is definitely a project I will be watching with interest as it grows. The ISEAGE Overview document (pdf) currently provides some of the motivation for such a facility.

T2 Forensic Challenge

Wednesday, May 4th, 2005

I found this going through a backlog of ISN mail.

DEVELOPERS AT F-Secure have issued a challenge to hackers to find an embedded message in a .EXE file.

The challenge looks quite tricky, and the winner gets a free ticket to the T2′05 info sec conference in Finland, but unfortunately only if she or he lives in Finland.

As well as figuring out the message, and sending it to a pre-defined email address, information about the methods and tools must be supplied.

There’s more information, and the rules of the challenge, here

Even though I can’t win a trip to the con, it should be fun trying to extract the data out of the provided file. Hopefully when the competition closes, a solution will be released.