[SASAG] Marty Roesch (author of Snort, CTO Sourcefire) at EMP June 19 1:15 PM

James Affeld jamesaffeld at yahoo.com
Sat Jun 16 21:18:22 PDT 2007

Reminder.  Note slight time change: previously I announced it would be at 1:30 PM, but I understand is actually 1:15 PM.  

Marty will be able to hang around for an ice cream social afterwords, but travel plans will preclude him from staying late enough for a happy hour.  Depending on attendee interest, we may bring our ice cream-bloated bellies over to Michelangelos afterwords.  We may have a Sourcefire trainer with us at that point.

I hope to see you there.  

----- Original Message ----
From: James Affeld <jamesaffeld at yahoo.com>
To: jamesaffeld at yahoo.com
Cc: "bsd-users at seabug.org" <bsd-users at seabug.org>; "gslug-general at gslug.org" <gslug-general at gslug.org>; "members at lists.seattle-sage.org" <members at lists.seattle-sage.org>; "seattlesug at lists.snort.org" <seattlesug at lists.snort.org>; "slug-list at lists.seaslug.org" <slug-list at lists.seaslug.org>; "taclug-general at taclug.org" <taclug-general at taclug.org>
Sent: Wednesday, May 30, 2007 11:56:08 AM
Subject: Marty Roesch (author of Snort, CTO Sourcefire) at EMP June 19

Greetings after a few months hiatus.  I have a couple
of bits of Snort-related news to pass along.  

The first is that the original author and continuing
architect of Snort, Marty Roesch, will be in town June
19th at the Experience Music Project.  He'll talk
about the future of Snort and  Enterprise Threat
Management.  I will fwd the start time when I have it.

Now, obviously I am a fanboy, but I recommend hearing
the man.  I've attended two of his dog & pony shows
and found both rewarded my time and attention.  I
think he has a compelling vision of what technology
can really do to defend networks.  He still codes,
btw, even post-IPO.  

Second bit: 
That same week, June 19 - June 22, Sourcefire is
offering their two Snort classes, Building and
Operating Snort 6/19-6/20 and Snort Rules 6/21-6/22. 
Sourcefire offers a discount to SeaSnUG members.  

Third bit: Sourcefire has offered to send the trainer
for that course to speak at a SeaSnUG meeting the
evening of 6/18.  Any suggestions for topics?  My
suggestion would be "Gossip and Actionable Slander re:
Security Industry," but doubtless there are more
edifying themes.  

I will organize a room at South Seattle College and a
start time of 7:00 PM.  If anyone wants to offer a
venue for that date/time, I'd be happy to meet there

There is some possibility of the meeting being 6/19
depending on the availability of Snort's original
author to join us.  I'll let you know when I know.

Fourth bit: If you have any thoughts on how the group
might be more interesting and useful to you, please
let me know.  Some LUGs thrive on an unprogrammed
approach, just a bunch of folks gathering and sharing
tips and showing off gadgets.  Would that appeal?  

Fifth bit: In attempt to make Snort rules more
current, the rules language has been ported to lolcode
(http://www.lolcode.com/).  An example: 

(11:40:23 AM) WuTang: ohnoes tcp $INTERN3TZ any ->
OMGWTFBBQ:"/\.hta(\b|$)/Ui"; WTF:attempted-admin;

      ____________________________________________________________________________________Shape Yahoo! in your own image.  Join our Network Research Panel today!   http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 

Got a little couch potato? 
Check out fun summer activities for kids.

More information about the Members mailing list