[SASAG] Marty Roesch (author of Snort, CTO Sourcefire) at EMP June 19

Ian Hudson hudsonspcdoctor at yahoo.com
Wed May 30 12:34:35 PDT 2007


Dude...awesome

James Affeld <jamesaffeld at yahoo.com> wrote:

Greetings after a few months' hiatus. I have a couple
of bits of Snort-related news to pass along.

The first is that the original author and continuing
architect of Snort, Marty Roesch, will be in town June
19th at the Experience Music Project. He'll talk
about the future of Snort and Enterprise Threat
Management. I will fwd the start time when I have it.


Now, obviously I am a fanboy, but I recommend hearing
the man. I've attended two of his dog & pony shows
and found both rewarded my time and attention. I
think he has a compelling vision of what technology
can really do to defend networks. He still codes,
btw, even post-IPO. 

Second bit: 
That same week, June 19 - June 22, Sourcefire is
offering their two Snort classes, Building and
Operating Snort 6/19-6/20 and Snort Rules 6/21-6/22. 
Sourcefire offers a discount to SeaSnUG members. 

Third bit: Sourcefire has offered to send the trainer
for that course to speak at a SeaSnUG meeting the
evening of 6/18. Any suggestions for topics? My
suggestion would be "Gossip and Actionable Slander re:
Security Industry," but doubtless there are more
edifying themes. 

I will organize a room at South Seattle College and a
start time of 7:00 PM. If anyone wants to offer a
venue for that date/time, I'd be happy to meet there
instead. 

There is some possibility of the meeting being 6/19
depending on the availability of Snort's original
author to join us. I'll let you know when I know.

Fourth bit: If you have any thoughts on how the group
might be more interesting and useful to you, please
let me know. Some LUGs thrive on an unprogrammed
approach, just a bunch of folks gathering and sharing
tips and showing off gadgets. Would that appeal? 

Fifth bit: In an attempt to make Snort rules more
current, the rules language has been ported to lolcode
(http://www.lolcode.com/). An example: 

(11:40:23 AM) WuTang: ohnoes tcp $INTERN3TZ any ->
$HOMEZ any (GREETZ:"OMGWTF PWNT!";
LOLLERSKATES:IZ,INCOMING!; IHAZ:"GET";DOnTcAREZ;
OMGWTFBBQ:"/\.hta(\b|$)/Ui"; WTF:attempted-admin;
WHOZ:1000000;) 








       

