Entries Tagged as 'PhD'
Operating Systems seen on an African Network Telescope
August 11th, 2009 · No Comments
I have been processing some of my network telescope data collected over the last four and a bit years. During this time I have classified a little over 3.2 million IP addresses by operating system, making use of p0f. The results after the latest updates are (OS family, %): Windows 98.84258; Linux 0.811703; FreeBSD 0.170989 [...]
Tags: Networking · PhD · Security
Internet Attack Barometer
June 30th, 2009 · 1 Comment
Interoute has launched a new online Internet Barometer detailing attacks as observed from their 22 monitoring stations across the European portion of the Internet. The site provides rich graph and chart interfaces, which are nicely interactive. There are definitely some ideas I want to incorporate from this into my own Network Telescope management console. It [...]
Tags: Security · Systems Administration · Vizualization
Cleaning up…
June 29th, 2009 · No Comments
With the year almost half gone, and Winter Solstice almost a distant memory, it's time to catch up with some of the systems-related housekeeping. While Conficker seems to still be rampaging around from my scan log inspections, the Conficker Working Group has been quiet since late April. A far greater threat to civilization is [...]
Choosing your Computer Security Conference
December 17th, 2008 · No Comments
While trawling through references, and chasing down files as part of my final PhD push, I came across a resource compiled by Guofei Gu at Texas A&M. He has provided a Computer Security Conference Ranking and Statistic page. While by his own admission it is somewhat subjective, he makes use of some interesting metrics. If you have novel [...]
New Infosec Viz Tool – Picviz
October 24th, 2008 · 1 Comment
Version 0.3 of PicViz has been released, based on Python and Qt – which bodes well for potential portability. This is yet another tool to help one actually filter through piles of connections, using a classic parallel axis setup. Drilldown is offered. Some example renderings of the Kaminsky DNS attacks are available. A more advanced [...]
Tags: Security · Vizualization · tools
Applied Security Visualization released
August 21st, 2008 · No Comments
I probably should have posted this a while back, but it's still worth noting that Raffael Marty’s Applied Security Visualization has been released, and includes a copy of the DAVIX CD as distributed at Defcon 16 (davix-1.0.1-defcon16.iso.gz – also obtainable from the homepage, includes a couple of packet traces as used in the Defcon workshop) [...]
Tags: Applications · Books · Security · Vizualization
VizSec 2007 proceedings out
June 16th, 2008 · No Comments
The Proceedings of the 2007 Workshop on Visualization for Computer Security (VizSec 2007) are finally available. Springer has the book available for order at a princely 60 Euros. Amazon has the book listed but not yet available for shipping, but one can pre-order. For those interested, Springer has a flyer and table of contents [...]
Tags: Books · PhD · Security · Vizualization
DAVIX live CD looking for Beta Testers
June 15th, 2008 · 1 Comment
DAVIX is the upcoming live CD for data analysis and visualization, which will be released at Blackhat/DEFCON in Las Vegas this summer, with another talk at VizSec 2008. From the VizSec.org announcement: Jan Monsch and Raffael Marty have prepared the second beta version of DAVIX, and are now seeking beta testers that have [...]
Tags: Applications · Security · Vizualization
Visualizing Viruses
June 12th, 2008 · No Comments
Wired has an article on the artwork done by MIT Media Lab’s grad student Alex Dragulescu. Working under contract to MessageLabs, he has produced a number of pictures, showing images of Mydoom, Ghost Keylogger and other bits of malware. While all quite pretty, there seems to be no detail of how they were created [...]
Tags: Security · Vizualization
Another RFC to BibTeX script
June 9th, 2008 · No Comments
Following from my earlier post regarding a pre-compiled BibTeX database of all Internet RFCs, I discovered while browsing the CTAN archives that Richard Mortier wrote an awk script back in 2000 while at Cambridge Computing Lab, that does something similar. For purists who don’t trust this newfangled XML and XSLT stuff, it's available at: [...]
Tags: PhD · Uncategorized


