12 February 1998

Question & Answer Sessions

How did Peter get a neat NFR jacket?

He gave them his best programmer.

How do you use PGP with Netscape mail?

No one's tried it. Netscape refuses to do it, due to their agreement with Verisign.

Looking for Netscape mail for Palm Pilot Pro?

Nothing.

Cirrus 5664 with XFree86?

Talk to Troy. He's had a bit of experience with it.

Linux for Sun weenies?

Linux Bible. Redhat installation guide. Linux Network Administrator's Guide. The most recent O'Reilly system administration book. Grep the HOWTO files.

How do you optimize throughput over PPP (Win95<=>Portmaster)? Reducing ping times in general?

Adjust the MTU and packet filters. Turn off compression. TCP window size can be fiddled. See http://www.win95.com/ for more info. Talk to the modem as fast as you can.

Media One & cable modems: anything other than Win95?

See http://people.qualcom.com/karn/ (Phil Karn) for someone who's done this and made the source code available.

SGI _is_ a big question mark?

Only when it comes to who contacting SEMiSLUG.

Jobs?

Got something? Talk to Troy.

Need something? Talk to Chad about Microsoft. Talk to Troy (MS Mail, Novell, AIX, routing, Linux). MJO may be trying to round up contractors for Altair to abuse.

Current version of Red Hat? Is X configuration any easier than with Slackware?

5.0 is the most recent. Both have advantages and disadvantages when it comes to X installation.

Cheap HP workstations (PA/RISC) - got any? Know where to find any?

If so, tell Troy.

I'm getting duplicate SEMiSLUG announcements. How do I find out why?

Send majordomo@semislug.mi.org a message containing:

which STRING

and you'll get back a list of addresses containing STRING and to which mailing lists's they're subscribed. Contact Gabe if you need more assistance.

What's going to happen to MS users in 2000?

Condemmed to flames.

Has anyone got a video of the cream pie incident? With them?

Chad has a copy.

Netscape Confusionator's "Startup homepage override" - does anyone have it working yet?

Netscapes working on this problem.

Anyone have SSL ftpd installed?

Doesn't sound like it.

Good reference for getting ssh up and running?

Paul Haas just installed it and it worked. There's also a FAQ out there somewhere. And while you're at it, start using tcpwrapper for added security.

Any experience with new Ultra 5 or 10 Suns?

Some trade rag thinks they're overpriced. An Alpha box would do them better.

Is it possible from 4.1.3 to use something other than dd to mirror a disk?

tar? dump? Try GNU dd.

Peter's Sun problem?

Fix the shared libraries. Get the Sun FAQ. See resolv+.

Why isn't Peter running OpenBSD on his Sparqs?

AFS server.

Samsung doodad that runs PCS?

No one is familiar with it. It's a pen-based PDA.

How do you run data over PCS?

It's possible, but no details.

Linux for palmtops?

Didn't someone just say that Linux is running on a Palm Pilot? Yes, it's out there.

Commercial listservs?

No one wants to support Majordomo any more. How about ListServ?

---

Presentation

Network Flight Recorder - Mike Stolarchuk

NFR is biulding software that sniffs the net and analyzes the results. The goals are:

Make hackers miserable
Produce state of the art network management and security tools
Release them to the world
Support research
Sell commercial rights to our tools where demand exists

Have a good time
Determine how the network is being utilized

Intrusion Detection Systems:

Intrusion Detection
Burlar Alarms

---

Input Channels: Ethernet FDDI Other

Analysis: Traffic Analysis and <= WWW Interface

Decision Engine

Output Channels: Histogram List/Log (other)

---

Has a language that is used to describe filters and analysis.

Usage and Deployment

Offsite Monitoring
Offsite (agreement based) audit
Records / transaction history
Network change detection and audit
Usage tracking ( Internet / intranet usage billing?)
Hacker hunting

Internal Architecture:

Highly modularized plugin/plug-out
Centralized engine
Detachable "packet suckers"
Detachable "recorder objects"
Modularized alert processing system
Queue and prioritiz alerts
Deliver them through multiple channels

Storage requirements depend on how much detail you keep; you decide how bad it will be.

Performance is a big question

Estimate system should be capable of ~40-50Mb/s on a P200 w/64Mb RAM
Disk I/O will be the bottleneck (don't try to capture 100% of data)
NFR are still experimenting and doing performance tuning

NFR are currently using commodity hardware in an effort to force the development to focus on improving the software.

NFR is better suited to auditing than intrusion detection at this point. Remote auditing gets a bit hairy. Using multiple NFR's make managing a network easier.

Those interested in trying NFR out should visit http://www.nfr.com/ to download it.

Currently running on BSD/OS, Solaris, Linux, HP/UX. NT should be available in the next month or two.

---

Rumor & Inuendo

---

[ Return to the SEMiSLUG minutes page ]