Friday, November 03, 2006

NoVA Sec Meeting Follow-up

We had a great meeting last night. Thanks especially to Steven Murdoch for a creative and highly technical briefing. The slides we saw are online (.pdf), and the paper is here (.pdf).

Steven mentioned the Sybil attack, and I found the original paper here. Wikipedia's entry on information theory might be useful, assuming some joker hasn't corrupted it. Low-bandwidth covert channels are great ways to transmit AES keys. Steven's talk reminded me that using calculus-like or calculus-based methods, or basically thinking about measuring changes over time, is a powerful analytical method. Finally, Steven mentioned he wrote some of his tests in Lua, which has a FreeBSD port and a new Wrox book arriving next spring.

We've got several initiatives in mind. I'm going to need some help with these if we want them to go anywhere. If no one cares, that's cool too.

  1. Can anyone recommend future speakers? If you have an idea, please email me: taosecurity [at] gmail [dot] com. We're looking for anyone who would like to speak on a technical topic.

  2. Paul mentioned interest in setting up a distributed attack-and-defend network (AADN). You would provide one or more systems from which you would attack other people on this network, and which could be attacked by others. I believe establishing some sort of VPN among all participating nodes would be the best way to hide this activity from ISPs, and also guarantee that whoever is part of the VPN has really agreed to participate in this activity. If anyone is interested in this idea, please post a comment.

  3. Beyond an individually owned-and-operated AADN, there is some interest in collecting old gear for NoVA Sec learning and experimentation. For example, it would be nice to assemble a collection of Cisco equipment for those who want to gain some hands-on experience without potentially corrupting their production gear at work. I have a friend at Cisco who might be able to contribute old gear. We would also need a central location to house it and an equipment custodian.

On the communications side, our ability to communicate effectively is going to outgrow blog comments. A few ideas follow:

  1. Would anyone want to set up and maintain an IRC channel?

  2. Would anyone want to set up and maintain a mailing list?

  3. Is there a need for a Web site other than this blog?

Thank you.


J. Hefner said...

Richard, I have some computer equipment that can be used for the AADN. We could also do a big VMware server and use a bunch of VMs. Secondly, I have a Cisco 2514 router that I can lend to the group for use.

Da Kahuna said...

I will have to check the closet but I think I have a Cisco 2511 (not sure what good it will be) and maybe a Juniper (Netscreen) VPN concentrator.

I like the idea of the AADN. However, I know that unless we do set up a VPN, my ISP does not let anything come in.

Scott Gentzen said...

I'm really liking the AADN idea.

I'm working on some hardware/VMware for it if it goes.

Not sure if another full website is necessary at this point. Maybe a wiki?