Hampton Roads Snort User Group

April Meeting Information

Topic: "EZ Snort Rules", an introduction to writing basic IDS rules in everyone's favorite pig-themed IDS.

Date: Thursday, 6 April 2006
Time: 7:00PM
Place: Williamsburg Regional Library
515 Scotland Street, Williamsburg, VA
(757) 259-4040

The presentation from April's meeting, "EZ Snort Rules: Find the Truffles, Leave the Dirt" can be downloaded here.

March Meeting Information

Date: Wednesday, 8 March 2006
Time: 7:00PM
Place: Williamsburg Regional Library
515 Scotland Street, Williamsburg, VA
(757) 259-4040

The February meeting of the Hampton Roads Snort Users' Group (HRSUG) will be held at 7:00PM, Wednesday February 8th. We're fortunate enough to have Sourcefire's Judy Novak as our guest speaker. I've included Judy's bio and presentation abstract below. She literally "wrote the book" on Intrusion Detection, so I know you won't want to miss her presentation.

Date: 8 Feb 2006
Time: 7:00PM
Place: Williamsburg Regional Library
515 Scotland Street
Williamsburg, VA
(757) 259-4040

Judy Novak's Bio:
Judy Novak is a research engineer on Sourcefire's Vulnerability Research Team where she mangles packets for fun and research. She is the co-author of "Network Intrusion Detection". She has written and still maintains SANS "Intrusion Detection In-Depth" courseware. She has several patents pending for work performed at Sourcefire in passive operating system detection and target-based identification of fragmentation and TCP stream reassembly.

Presentation Abstract:
Judy's presentation, entitled "Target-Based TCP Stream Segment Overlaps", discusses current research and future functionality of Snort's upcoming stream5 TCP preprocessor. She will demonstrate how overlapping TCP segments can be used to identify a remote operating system by crafting packets using a tool known as scapy. This talk assumes the audience has a basic understanding of TCP.

Join the mailing list for more discussion about the group and meeting.

The January meeting of the Hampton Roads Snort Users Group (HRSUG) will be held on Wednesday, January 11th at 7:00PM. This will be an important meeting, since we will open the nominations for the positions of Chair and Vice Chair.

As for a technical presentation, I will be demoing sguil, an open source Network Security Monitoring (NSM) tool. Sguil incorporates NIDS information (snort), network session data and packet logging into a single analyst console/research tool. I'll be showing how sguil can help you save time, save money and improve your detection program at the same time.

Location details are below. The first meeting had a great turnout so hopefully this one is even better!

Date: 11 Jan 2006
Time: 7:00PM
Place: Williamsburg Regional Library, 515 Scotland Street, Williamsburg, VA
(757) 259-4040
Meeting room B

Join the mailing list for more discussion about the group and meeting.
