[cs615asa] HWN

Suketu Shah sshah75 at stevens.edu
Thu Apr 9 11:17:34 EDT 2015


Hey everyone,

I went to a tech talk today along with JoaoPaulo Rodrigues on a NetBSD tool
called Blacklist'd written by Christos Zoulas at an event hosted by the NYC
BSD User Group. A brief background on Christos: He is the former President
and current member of the Core Group
<https://www.netbsd.org/people/core.html> of the NetBSD Project
<https://www.netbsd.org/foundation/>. He is heavily involved in the
development of the NetBSD Project and is one of the top code contributors
of the project from the start. The central idea behind this tool was to
protect against zombie bot attacks. He mentioned the top 3 tools that
are available right now in the market: sshguard, fail2ban and denyhosts.
The primary motivation, according to him, for why he decided to write his own
tool over industry-standard tools is to get uniform logging from various
daemons. The industry standard tools also produce a lot of extra logging
which can be useless to detect an attack. Blacklist'd talks directly to
daemons, works at the firewall level and avoids extra unnecessary logging.
This tool is similar to the "iptables" utility that is available in Red Hat
Linux where you create rules for specific IPs or for a group of IPs and
give them specific access or block them altogether. You can also block
incoming requests for a specific time if you want.

This event was pretty interesting for me since this talk was the
combination of this class and the class I took in Cyber Security last
semester (CS573). It was pretty cool to see the application of concepts
from this class where, as a sysadmin, you try to prevent any type of attack at
any point in time. It was also helpful to meet a lot of individuals from
the industry who deal with sysadmin problems on a day to day basis for
companies like Google, Financial Institutions, etc. We also got to meet Wietse
Venema <https://en.wikipedia.org/wiki/Wietse_Venema>, the creator of TCP
Wrapper <https://en.wikipedia.org/wiki/TCP_Wrapper> for NetBSD.

Thanks,
Suketu