From announce at lists.nycbug.org  Mon Sep  5 14:32:18 2011
From: announce at lists.nycbug.org (NYC*BUG Announcements)
Date: Mon, 05 Sep 2011 14:32:18 -0400
Subject: [announce] NYC*BUG this week
Message-ID: <4E6515B2.5030709@ceetonetechnology.com>

September 07, 2011, Wednesday

Boris Kochergin on Two Networking Topics

6:45 PM, Suspenders Restaurant backroom
111 Broadway in Manhattan
http://www.suspendersbar.com/

Boris will be speaking on two networking topics.

RP Counterattack (will include a demo!):

Monitors traffic on any number of Ethernet interfaces and examines ARP 
replies and gratuitous ARP requests. If it notices an ARP reply or 
gratuitous ARP request that is in conflict with its notion of "correct" 
Ethernet/IP address pairs, it logs the attack if logging is enabled, 
and, if the Ethernet interface that the attack was seen on is configured 
as being in aggressive mode, it sends out a gratuitous ARP request and a 
gratuitous ARP reply with the "correct" Ethernet/IP address pair in an 
attempt to reset the ARP tables of hosts on the local network segment. 
The corrective gratuitous ARP request and corrective gratuitous ARP 
reply can be sent from an Ethernet interface other than the one that the 
attack was seen on.

http://acm.poly.edu/wiki/ARP_Counterattack

2. Net Sensor (will include a demo!):

Aims to be a general-purpose, modular network-analysis suite for use in 
research, diagnostics, forensics, and statistics-gathering. It monitors 
traffic on an Ethernet interface, performs some pre-processing on 
it--such as figuring out where a packet`s payload begins--and passes it 
along to any number of modules. A module is an ELF shared object which 
may maintain state, write data out to disk using the Berkeley DB-backed 
Writer library, or send e-mail using the SMTP library. In addition to 
processing packets from the network, a module can also accept input from 
any number of other modules. Current modules include an HTTP 
session-keeping module, an HTTP session-logging module, and a 
BitTorrent-detection module.

http://acm.poly.edu/wiki/Net_Sensor

Speaker Bio

Boris Kochergin is currently a system administrator and programmer at 
New York Internet. He was a network and system administrator at 
NYU-Poly`s business incubator at 160 Varick Street (consulting), network 
and system administrator at EmPower Solar (consulting), network and 
system administrator at Ecological, LLC (consulting), and programmer for 
the Long Island Solar Energy Industries Association (consulting).


From announce at lists.nycbug.org  Wed Sep  7 16:45:05 2011
From: announce at lists.nycbug.org (NYC*BUG Announcements)
Date: Wed, 07 Sep 2011 16:45:05 -0400
Subject: [announce] NYC*BUG Tonight
Message-ID: <4E67D7D1.3020202@ceetonetechnology.com>

September 07, 2011, Wednesday

Boris Kochergin on Two Networking Topics

6:45 PM, Suspenders Restaurant backroom
111 Broadway in Manhattan
http://www.suspendersbar.com/

Boris will be speaking on two networking topics.

RP Counterattack (will include a demo!):

Monitors traffic on any number of Ethernet interfaces and examines ARP 
replies and gratuitous ARP requests. If it notices an ARP reply or 
gratuitous ARP request that is in conflict with its notion of "correct" 
Ethernet/IP address pairs, it logs the attack if logging is enabled, 
and, if the Ethernet interface that the attack was seen on is configured 
as being in aggressive mode, it sends out a gratuitous ARP request and a 
gratuitous ARP reply with the "correct" Ethernet/IP address pair in an 
attempt to reset the ARP tables of hosts on the local network segment. 
The corrective gratuitous ARP request and corrective gratuitous ARP 
reply can be sent from an Ethernet interface other than the one that the 
attack was seen on.

http://acm.poly.edu/wiki/ARP_Counterattack

2. Net Sensor (will include a demo!):

Aims to be a general-purpose, modular network-analysis suite for use in 
research, diagnostics, forensics, and statistics-gathering. It monitors 
traffic on an Ethernet interface, performs some pre-processing on 
it--such as figuring out where a packet`s payload begins--and passes it 
along to any number of modules. A module is an ELF shared object which 
may maintain state, write data out to disk using the Berkeley DB-backed 
Writer library, or send e-mail using the SMTP library. In addition to 
processing packets from the network, a module can also accept input from 
any number of other modules. Current modules include an HTTP 
session-keeping module, an HTTP session-logging module, and a 
BitTorrent-detection module.

http://acm.poly.edu/wiki/Net_Sensor

Speaker Bio

Boris Kochergin is currently a system administrator and programmer at 
New York Internet. He was a network and system administrator at 
NYU-Poly`s business incubator at 160 Varick Street (consulting), network 
and system administrator at EmPower Solar (consulting), network and 
system administrator at Ecological, LLC (consulting), and programmer for 
the Long Island Solar Energy Industries Association (consulting).