Wednesday, February 29, 2012
Monday, February 27, 2012
I forgot about this blog...
But that is changing!
-Chuck, The Maddog Monk
Friday, February 20, 2009
Coming soon to a blog near you
I have plenty to talk about, quite a bit I want to say, I just have to form the thoughts into something coherent enough for a blog entry.
Yesterday (Feb 19) was one month since my Mom was buried. She passed away Jan 16th, and was buried Jan 19th. She was 58 yrs old. I’m still unsure what to think, what to feel, how to feel.....gah, I just don’t know. *shrug*
Anywho, I’ll be back soon.
peace out
-Chuck
:wq
Sunday, May 18, 2008
Tuesday, July 17, 2007
HIDS are from Mars, NIDS are from Venus
Example: HIDS will see the syslog events where someone tried logging in via SSH, and is pretty positive that these events occurred. Very fact based, not very subtle. NIDS sees the SSH traffic, and probably wouldn't trigger an event unless the SSH packets are not RFC compliant or an attack pattern is detected in the packets themselves. If NIDS does trigger an event, the event would be somewhat vague and non-committal, and you (the IDS engineer/analyst) would have to do some interpretation and correlation. Note the subtle differences in how each approaches and implements its solution to the same problem: intrusion detection.
I'll leave it up to you, the reader, to decide which variant of IDS fits which gender. It's safer that way...less chance of offending someone's (so-called) politically correct sensibilities. Me personally....I'm a HIDS.
Quite often it can be difficult correlating events from HIDS and NIDS (e.g. “He said..., She said...”), let alone other event sources (which we won't go into for this brief discussion). Since HIDS and NIDS look at intrusion detection differently, they are bound to talk about (log) events differently and use differing lingo. You need someone to act as a go-between, an interpreter who understands both languages (HIDS and NIDS), and can make sense of each input (logs) as well as provide an accurate “big picture” of your environment (depending on how many logging sources you have, of course). OSSEC-HIDS fits that role quite well. It understands NIDS events, HIDS events, firewall events, and so much more. It's the relationship counselor of intrusion detection. *smile*
Anyone who knows me knows that somehow I'll find a way to wriggle OSSEC-HIDS into most any conversation. It's one of my favorite open source projects. Perhaps I am somewhat biased in my opinions regarding OSSEC-HIDS, but what I said about it is essentially accurate, though it understates the features it brings to any environment. OSSEC is more than an IDS relationship counselor, but it handles that task quite nicely if you ask me.
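The "he said, she said" correlation described above, as an added example that is not part of the original post and is not OSSEC's code: it pairs sshd syslog lines (the HIDS view) with Snort-style fast alerts (the NIDS view) by source address and time window. The log lines, addresses, SIDs, year and 60-second window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not from the original post). Neither format carries
# a year, so 2007 is assumed. Addresses are documentation ranges; SIDs are made up.
YEAR = 2007
HIDS_SYSLOG = """\
Jul 17 10:15:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jul 17 10:15:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jul 17 10:15:06 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jul 17 11:40:12 web01 sshd[2290]: Failed password for chuck from 198.51.100.23 port 40022 ssh2
Jul 17 11:40:20 web01 sshd[2290]: Accepted password for chuck from 198.51.100.23 port 40022 ssh2
"""
NIDS_ALERTS = """\
07/17-10:15:05.482113  [**] [1:1000001:1] CONSTRUCTED possible SSH brute force [**] [Priority: 2] {TCP} 203.0.113.7:51251 -> 192.0.2.10:22
07/17-13:02:44.000871  [**] [1:1000002:1] CONSTRUCTED non-compliant SSH banner [**] [Priority: 3] {TCP} 192.0.2.99:40100 -> 192.0.2.10:22
"""
SSHD_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")
NIDS_RE = re.compile(r"^(\d\d/\d\d-[\d:]{8})\.\d+\s+\[\*\*\] \[[\d:]+\] (.+?) \[\*\*\]"
                     r".*?\{TCP\} ([\d.]+):\d+ -> ")

def parse_hids(text):
    """Yield (time, src_ip, outcome, user) for each sshd password event."""
    for m in filter(None, map(SSHD_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{YEAR} {m[1]}", "%Y %b %d %H:%M:%S")
        yield ts, m[5], m[3], m[4]

def parse_nids(text):
    """Yield (time, src_ip, message) for each fast-alert line."""
    for m in filter(None, map(NIDS_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{YEAR}/{m[1]}", "%Y/%m/%d-%H:%M:%S")
        yield ts, m[3], m[2]

def correlate(hids_text, nids_text, window=timedelta(seconds=60)):
    """Return (per-alert report, sources only the host saw)."""
    by_src = defaultdict(list)
    for ts, src, outcome, user in parse_hids(hids_text):
        by_src[src].append((ts, outcome, user))
    report, alerted = [], set()
    for ts, src, msg in parse_nids(nids_text):
        alerted.add(src)
        near = [e for e in by_src.get(src, []) if abs(e[0] - ts) <= window]
        failed = sum(1 for e in near if e[1] == "Failed")
        verdict = "corroborated by host" if near else "network-only, needs analyst review"
        report.append({"src": src, "alert": msg, "failed_logins": failed, "verdict": verdict})
    host_only = sorted(set(by_src) - alerted)
    return report, host_only
```

The second return value lists sources that only the host logs recorded, which is the case where the NIDS stayed silent because the SSH traffic looked normal on the wire.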
Tuesday, July 10, 2007
Nothing is going to change until I become President of the U.S.
Answer: The United States Constitution outlines the requirements for President in Article 2. This article of the U.S. Constitution also outlines the powers of the President and Executive branch of government.
Section 1 of Article 2 of the U.S. Constitution states that a President:
- Must be a natural born citizen of the United States.
- Must be at least 35 years old.
- Must have lived in the United States for at least 14 years.
Hmmm....well, let's see if I qualify. Yep, I am a natural born citizen of the United States. Yes, sadly enough I am over 35 years of age (though not by much!). And yes, I have lived in the United States for at least 14 years (I've lived in the U.S. my entire life...all 39 years.)
So I guess I do meet the minimum requirements to run for the office of President of the United States. Now all I need is some folks to vote for me. :)
Monday, June 4, 2007
CTF 07 Qualification round has begun.....and ended.
About 10:30pm (mountain) Sunday night (right after the quals ended), Syndrowm sent me a text message saying that we were in (we qualified for CTF)! So I ran downstairs (I was upstairs reading) to my laptop to check on the mud, and on irc, to see what the heck happened. Turns out that two of the teams that qualified couldn’t make it or just decided not to compete, so that freed up two slots and put us into 9th place; still not enough to get us “To The Show”. Then we found out that two other teams that had qualified were actually “ghost teams” for other team(s) that had qualified, so they dropped the two ghost teams, which put us in 7th place....enough to qualify us for CTF!
Note: This year’s qualification round was a stone cold bitch. Mad props go out to the folks that put it all together, Kenshoto. I seem to recall many threats of kicking Invisigoth in the shins for *insert category*/*insert question value*. ☺ It was incredibly fun, and incredibly challenging.
Link to the results page: http://www.kenshoto.com/ctf07/quals_final.html
I have a lot of studying and trial/error to do before the actual competition. Time to start hackin’ up my lab network!