Docs and Code I have written or modified

Documents and Larger Projects and Ideas
  • Network Host file upload problem between IE5 and Apache web server (and its solution)

  • Firewall Information Representation. Here is a way to do high-level representation of firewall connection data. By graphing both pass and fail data, non-routine traffic is made apparent to the observer.

  • Distributed tripwire system. Modification of the tripwire source to make it far simpler to gather together hundreds of hosts' data and inspect the results in only a minute or two.

  • I have begun exploring using Solaris BSM logging as a mechanism for intrusion detection. This is not overly original (as I have found out), but getting all of the information together has been, and still is, quite interesting. An overview of some ideas can be found here.

  • Information about SecurID/RSA ACE install and operation is not all that available on the web. Here are a few notes that I made using this authentication mechanism.

  • Instructions on how to install Oracle Parallel Server and Sun Cluster. This list is, by no means, the only thing you need to know to get the job done. I now know what a 'scrubber' is though. Many thanks to Mr. Tripetsky, our Senior DBA, for his excellent work in helping me document this mess.

  • Printing causes more FUD in Unix admins than any other issue I have found. This includes me. My friend Nick has made clear and easy directions for setting up printers on BSD and Solaris boxes. Thanks Nick!

Coding Examples
  • ttywrapper.c A wrapper to run stdin and stdout through a ptty so that you can pump information into programs like passwd which insist on talking through /dev/tty.


  • File converter using wiretap/Ethereal front end. Used to convert raw SunScreen 3.X firewall logs into a more portable pcap format. This code is incomplete and rather nasty looking. Use wiretap and insist on raw IP format for this to work.
    If there is time I will clean this up. Files include: sunscreen.c, sunscreen.h, file.c, Makefile

    The raw firewall data structure can be seen here.



  • Snort IDS preprocessor for keeping an eye on DNS traffic. It can check whether a packet matches the protocol spec, and also keep an eye on the question <-> response nature of DNS.
    There is an entire page for this preprocessor located here for your viewing pleasure.

  • Java application proxy, which filters on application handshake and uses MD5 hash authentication. In spite of its dubious upbringing, it managed to run non-stop in production until the product line was discontinued. Any relation of the sample protocol to any other found out on the internet is pure coincidence.

    The jar file can be found here.

Configuration Examples
  • Router and switch config files for RSA SecurID authentication of logins.
