[cs615asa] HW N: Blacklist'd Presentation
JoaoPaulo Rodrigues
jrodrig9 at stevens.edu
Wed Apr 8 22:50:50 EDT 2015
Hello Everyone,
Today I attended, together with Suketu Shah, the NYC*BUG meetup in the Stone Creek Bar. The main presentation during the meetup was about a library interface called blacklist’d by Christos Zoulas. Zoulas was once the president of NetBSD and now is a member of the board. The whole talk was about presenting a way that can be helpful in the defense against zombie bot attacks. Zoulas described the current system, and talked about how today people can only fight such bots by the use of a firewall and by editing the firewall rules to block any attacks. To determine whether there is an attack, the programmer needs to look into the several logs that are produced by daemons and by a syslog program. The problem is that there is no real uniform way of producing the logs, and therefore it can be chaotic to manage the logs and dynamically modify the firewall rules to block incoming attack requests. The solution he proposed was the “blacklist’d” program which could be applied at the firewall level. It would produce a uniform way of logging information from several daemons and then would check for many conditions to determine whether there is an attack happening. He described attacks through ssh (which was discussed to be the most recurrent type of attack). Such attacks would have some user try to connect multiple times; however, if the user failed to connect a certain number of times, they would be blocked for a specific number of hours.

I saw the professor suggested this event on the class twitter and I chose to go to it because I was interested in learning more about bot attack prevention. I think bots are quite interesting and even though they seem simple, it is quite difficult to prevent attacks of this nature. From the event I learned more about firewalls and rule setting and was able to see the thought process that goes on when developing new software to prevent attacks. I was able to see both the thoughts of Zoulas and also the audience that seemed to be composed of several system administrators with different perspectives on the subject.

Regards,
*JoaoPaulo Rodrigues*
Stevens Institute of Technology, Class of 2015
Secretary - Commuter Student Union
Recording Secretary - Eta Kappa Nu Honor Society
Tutor & Mentor - Academic Support Center
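
The blocking rule described in the message above (daemons report in one uniform format, repeated failed connections lead to a timed block), as an added sketch that is not part of the original post and is not blacklistd's own code or API. The event fields, the threshold of 3, the 2-hour block, counting failures across daemons, and the sample addresses are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AuthEvent:     # uniform record every daemon reports (fields are assumptions)
    daemon: str      # reporting service, e.g. "sshd"
    remote: str      # remote address of the connection
    ok: bool         # True for a successful login, False for a failure
    when: float      # event time in seconds

@dataclass
class Tracker:
    max_failures: int = 3              # assumed threshold
    block_seconds: float = 2 * 3600    # assumed block duration (2 hours)
    failures: dict = field(default_factory=dict)       # remote -> failure count
    blocked_until: dict = field(default_factory=dict)  # remote -> expiry time

    def is_blocked(self, remote, now):
        if self.blocked_until.get(remote, 0) > now:
            return True
        self.blocked_until.pop(remote, None)   # expired or never blocked
        return False

    def report(self, ev):
        """Feed one event; return the action a firewall hook would take."""
        if self.is_blocked(ev.remote, ev.when):
            return "drop"
        if ev.ok:                      # a success clears the failure count
            self.failures.pop(ev.remote, None)
            return "allow"
        count = self.failures.get(ev.remote, 0) + 1
        if count >= self.max_failures:
            self.failures.pop(ev.remote, None)
            self.blocked_until[ev.remote] = ev.when + self.block_seconds
            return "block"             # the point where a rule would be added
        self.failures[ev.remote] = count
        return "allow"

def replay(events, tracker=None):
    tracker = Tracker() if tracker is None else tracker
    return [tracker.report(e) for e in events]

# Constructed sample: failures from one address, reported by two daemons.
SAMPLE = [
    AuthEvent("sshd", "192.0.2.10", False, 0),
    AuthEvent("sshd", "192.0.2.10", False, 5),
    AuthEvent("ftpd", "192.0.2.10", False, 9),      # third failure: block
    AuthEvent("sshd", "192.0.2.10", False, 60),     # dropped while blocked
    AuthEvent("sshd", "192.0.2.10", False, 7300),   # block has expired
]
```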