Meeting began at 11:00AM
1. Discuss SGML
2. Warez Sites (Todd Heberlien)
SGML
Matt- SGML deals with structure vs. programming in HTML. What makes up a vulnerability description?
Revision number followed by information about the change. VDESC = description of vulnerabilities: name, long, vers, os, etc. Describes elements.
SGREP- allows you to search based on structure and check for special terms. It's used a lot in WWW and library science.
XML is a subset of SGML.
Many programs will handle this as well.
Next week I'll show you format in WORD.
Eliminates problems in searching for something because it handles case and looks for something approximate.
It is an ISO standard.
Invented in 1969.
Warez Sites
Todd- Found host is over in Leech dorms.
25% of traffic is for Warez sites.
21 million connections and 37 pages in one hour
Very few rschells
Fragmented packet bounced back at them.
We assumed there wouldn't be fragmented ICMP packets, but that was wrong.
I'm collecting statistics right now on everything. Traffic goes up to 4-5 probably hitting lots of machines. Don't have a lot of people receiving attacks. Did some horizontal scans checking for FTP servers for a particular service. Do binary transfer to Windows box.
What are appropriate attack signatures?
David O.- What about SNMP traffic?
Next Week
- Bring statistics for different servers.
- Peter will talk about Cohen's Stackguard paper.
- Demos with code.
Meeting adjourned at 11:50AM