IDS Focus

CfP EWNI2010: 1st European Workshop on Internet Early Warning and Network Intelligence

Thu, 12 Nov 2009 16:03:40 GMT

Posted by Till Dörges on Nov 12

Hi all,

attached the CfP for the 1st European Workshop on Internet Early Warning and Network
Intelligence. If you have any questions please don't hesitate to contact me.

Regards -- Till

Re: Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?

Mon, 02 Nov 2009 15:24:06 GMT

Posted by Ray on Nov 02

Although this also does not meet the PCI requirement, one thing you can do
to rapidly detect transient wireless access points is this:

1. Make sure your network default route leads to your firewall.
2. Monitor the firewall for internal devices trying to do NTP (time sync)
lookups.

This presumes you have an internal time server system and you have properly
configured your internal systems to not go to the Internet for time.

It works because...

Re: Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?

Fri, 30 Oct 2009 17:59:19 GMT

Posted by brian_klumpp on Oct 30

I realize this thread is a little old, but I did want to make a comment in regards to this. As a QSA, *wired* side
scanning alone would be insufficient to meet the intent of the PCI DSS 11.1 requirement. There is this quote from PCI
Council:

"Relying on wired side scanning tools (e.g. tools that scan suspicious hardware MAC addresses on switches) may identify
some unauthorized wireless devices; however, they tend to have high false...

Announcing pcapr Trends

Thu, 01 Oct 2009 16:31:54 GMT

Posted by kowsik on Oct 01

With the recent influx of pcaps, the number of protocols and pcaps are
getting to the point where interesting trend analysis makes sense. So
we set out to find the meaning of it all with multi-dimensional data
visualization using Motion Charts.

We wanted to find out
- How does the coverage and #pcaps for a given protocol trend over time?
- When was a protocol first introduced into pcapr?
- What is 42 and what does it have to do with packet...