[cs615asa] HW N: Blacklist'd Presentation

JoaoPaulo Rodrigues jrodrig9 at stevens.edu
Wed Apr 8 22:50:50 EDT 2015


Hello Everyone,

   Today I attended, together with Suketu Shah, the NYC*BUG meetup in the
   Stone Creek Bar.  The main presentation during the meetup was about a
   library interface called blacklist’d by Christos Zoulas.  Zoulas was once
   the president of NetBSD and now is a member of the board.  The whole talk
   was about presenting a way that can be helpful in the defense against
   zombie bot attacks. Zoulas described the current system, and talked about
   how today people can only fight such bots by the use of a firewall and by
   editing the firewall rules to block any attacks. To determine whether
   there is an attack, the programmer needs to look into the several logs
   that are produced by daemons and by a syslog program. The problem is that
   there is no real uniform way of producing the logs, and therefore it can
   be chaotic to manage the logs and dynamically modify the firewall rules to
   block incoming attack requests. The solution he proposed was the
   “blacklist’d” program, which could be applied at the firewall level. It
   would produce a uniform way of logging information from several daemons
   and then would check for many conditions to determine whether there is an
   attack happening. He described attacks through ssh (which was discussed to
   be the most recurrent type of attack). Such attacks would have some user
   try to connect multiple times; however, if the user failed to connect a
   certain number of times, they would be blocked for a specific number of
   hours.

  I saw the professor suggested this event on the class Twitter and I chose
  to go to it because I was interested in learning more about bot attack
  prevention. I think bots are quite interesting and even though they seem
  simple, it is quite difficult to prevent attacks of this nature. From the
  event I learned more about firewalls and rule setting and was able to see
  the thought process that goes on when developing new software to prevent
  attacks. I was able to see both the thoughts of Zoulas and also the
  audience, which seemed to be composed of several system administrators
  with different perspectives on the subject.

Regards,
*JoaoPaulo  Rodrigues*
Stevens Institute of Technology, Class of 2015
Secretary - Commuter Student Union
Recording Secretary - Eta Kappa Nu Honor Society
Tutor & Mentor - Academic Support Center
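
The count-then-block behaviour described in the message above, as an added example that is not part of the original post and is not the code of the program the talk presented. The struct layout, function names, the threshold of 3 failures and the 2-hour block are assumptions made for illustration; the addresses are documentation-range samples.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_FAILS  3          /* assumed: the post gives no number */
#define BLOCK_SECS (2 * 3600) /* assumed: the post only says "hours" */
#define TABLE_SIZE 64

/* One uniform report, whichever daemon (sshd, ftpd, ...) sends it. */
struct event { const char *service, *addr; time_t when; int ok; };
struct entry { char addr[46]; int fails; time_t blocked_until; };
static struct entry table[TABLE_SIZE];

/* Find the entry for addr; with create set, claim a free slot for it. */
static struct entry *lookup(const char *addr, int create) {
    struct entry *spare = NULL;
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (strcmp(table[i].addr, addr) == 0) return &table[i];
        if (spare == NULL && table[i].addr[0] == '\0') spare = &table[i];
    }
    if (!create || spare == NULL) return NULL; /* unknown, or table full */
    snprintf(spare->addr, sizeof spare->addr, "%s", addr);
    return spare;
}

/* Returns 1 while addr is blocked at time now, else 0. */
int is_blocked(const char *addr, time_t now) {
    struct entry *e = lookup(addr, 0);
    return e != NULL && now < e->blocked_until;
}

/* Feed one event; returns 1 when it triggers a new block, else 0. */
int report(const struct event *ev) {
    struct entry *e = lookup(ev->addr, 1);
    if (e == NULL || ev->when < e->blocked_until) return 0;
    if (e->blocked_until != 0) { e->fails = 0; e->blocked_until = 0; } /* expired */
    if (ev->ok) { e->fails = 0; return 0; }   /* success clears the count */
    if (++e->fails < MAX_FAILS) return 0;
    e->blocked_until = ev->when + BLOCK_SECS; /* a firewall rule would go in here */
    return 1;
}

/* Constructed input: three failed sshd logins from one address. */
int main(void) {
    struct event ev = { "sshd", "192.0.2.10", 1000, 0 };
    for (int i = 0; i < 3; i++, ev.when++)
        printf("t=%ld new_block=%d\n", (long)ev.when, report(&ev));
    return 0;
}
```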