Blogs

02 Aug 2011

Spent this week working on 518 cyber security stuff. Planning out the assignment we're going to set in a couple of weeks on snort. Have been continuing to build the frontend to libvirt for the students to use to get their virtual machines running.

Finished building the snort network for Andreas to use to give demonstrations to the class next week and it seems to be running quite nicely.

01 Aug 2011

Started getting some results from processing various Auckland and ISP traces - found one or two bugs along the way, so some re-processing has been necessary again.

Finished automating the graphing part of the analysis.

Continued working on an AS-level analysis for the trace data. Reading the routeviews BGP data is still not going well - it works in the general case but sooner or later you end up hitting a record or update that doesn't make sense and the whole thing segfaults.

Received reviews for the rejected libtrace paper. In response, I've started looking into replicating the simple Allman / Paxson study that originally used Bro to extract the required packet and flow properties. The current plan is to replicate the study using each of the packet processing libraries mentioned by reviewers as equivalent to libtrace and prove once and for all that those libraries are nowhere near as good as libtrace.

26 Jul 2011

Finally tracked down the cause of extra states being present in the SMTP
state machine after they should have been removed, which means I can now
run it over the full dataset I had planned. Started it running and while
doing so began investigating how much I can parallelise the state merging.
Got the required locking done and looks like the approach should work but
I'm unsure how much speedup I will gain with the large areas that do need
to be locked.

Fixed a few scripts involved in reporting on the Ubiquiti router I have
running AMP and updated firmware images to better suit the new environment
(running at home on my dsl connection). Generally seems happy enough,
though something is eating either my udp traceroute probes or the icmp
responses.

25 Jul 2011

Hey guys, hope you are all well. Brenda and I are currently in
Beijing, we are having an awesome time. If you want to keep up to date
with what we are up to, we are keeping a blog at
http://blogs.statravel.com/samo83/. Ciao for now :)

25 Jul 2011

Released maji-1.0.2 on Monday.

Continued processing trace sets to generate results for my graphs. I soon realised that manually updating the scripts that convert the results into graphs was taking a horrendously long time (and was also incredibly tedious), so started working on a different script that could automatically generate the bash and gnuplot scripts I had been using. I can then just add a single line to the script for each new dataset and the graphs will be created from there.

This hasn't been entirely straightforward - each different type of graph has subtle differences that prevent me from using a single generic "make CDF" or "make time series" function. Still, it seems to be working well, just need to add code for the last few analysis types that I've done.

Found out over the weekend that the libtrace paper was rejected by IMC again, but the inbound sessions paper was accepted by ATNAC.

22 Jul 2011

Have started working on building the virtual machine infrastructure for COMP518 (Cyber Security) this week. Started by deploying some VMs for Andreas to use for demonstrating how snort works.

I'll start next week writing a web frontend for libvirt that will let lecturers define an assignment and students instantiate that assignment and work on it.

22 Jul 2011

Made a 520 interim presentation and presented it to the rest of the students on Wednesday. Steve is recording all of the presentations through Panopto. It was quite interesting listening (and watching) myself speaking. I need to cut back on the ummmms! Apart from that, the audience seemed engaged and asked thoughtful questions afterwards.

I have started looking into producing a more stable and complete version of the Karen weather map such that I can evaluate my map with them. I also finally started playing with the CRCnet hosts file from Jamie.

20 Jul 2011

Finished getting the newest version of R working and fixed the crashes it
was causing. Spent a lot of time chasing down a bug in deleting nodes that
had crept in while trying to improve the speed at which the SMTP state
machine generator runs (deleted nodes were reappearing).

While that was running I tidied the emulation network
imaging/configuration code up a little more and reworked it to make it
easier to add configuration for other operating systems.

19 Jul 2011

Last week was Oweek, so I was helping out the WSU again running events, which was good fun. At WAND I've started to package up bearwall, which is the new firewall that will be deployed to all the WAND servers.

Warlock also decided to die twice this week, the first time after a DoS attack from Spain which hit resource-intensive parts of websites Warlock hosts. Jamie and I have since deployed an iptables rule to prevent this type of attack in the future.

18 Jul 2011

After a two year development hiatus, a new version of maji (our libtrace-based IPFIX meter) has finally been released.

This release adds support for encrypting IPFIX records exported using the TCP and UDP transports, fixes some bugs observed when measuring IPv6 traffic, adds new information elements for ICMPv6 and also fixes a few errors and warnings that have come about due to changes in supporting software over the past couple of years.

We would like to offer special thanks to Benjamin Black and Rong Zheng, who both contributed code towards this release of maji.

The full list of changes is described in the maji ChangeLog.

Download maji-1.0.2 here!