Archive for February, 2005

dooce: Most embarrassing moments

February 28th, 2005

Some very funny stuff – people’s most embarrassing moments – told in Heather from Dooce’s comments. Seems to feature a lot of fart stories. And menstruation stories. And quite a few stories where I just went ‘oh my – that’d take a bit to live down’.

Fun with IDS

February 27th, 2005

For any of you who have an interest in IDS, I have come across two articles that are fascinating reading. The first is an analysis of models and techniques for testing IDS signatures, to ensure that they actually match and detect the attacks they were written for. It includes links to a broad collection of tools and further reading.

The second article covers a topic that greatly interests me: the use of Bayesian statistical analysis to reduce the volume of false positives raised by your IDS. Bayesian classification is already used by a number of anti-spam tools, such as SpamAssassin, to cut down on mail incorrectly marked as spam, and it appears to have solid applications in IDS tuning. That tuning can be a truly black art at times, and finding the real attacks amongst the network noise and false positives can be problematic. A traditional IDS uses signature matching: it compares network traffic against the signature of a known attack. In many cases legitimate traffic also matches an attack signature and is incorrectly flagged by the IDS as an attack. Every one of those false positives has to be identified, checked and reviewed, which adds enormous management and reporting overhead to an IDS deployment.

With Bayesian analysis, alert data is accumulated and analysed over time. During this training phase both false positives and real attacks are labelled and fed into a statistical model. Once a suitable volume of data has been accumulated, patterns emerge: the model learns which combinations of alert attributes are statistically associated with false positives and which with genuine attacks. Those patterns are then applied to new alerts, giving a far better indicator of benign versus malicious traffic and significantly reducing the number of false positives an analyst has to look at. The new alerts, once classified and confirmed, are themselves fed back into the model, further refining it. The one caveat worth keeping in mind is that a genuine attack which happens to resemble past noise will be scored as noise too, so suppressed alerts should still be logged rather than discarded.

The results of a study run by the article's authors indicate that Bayesian analysis halved the number of false positives recorded by the IDS. Anything that so significantly increases the odds that an alert from your IDS is a genuine attack makes the system far more valuable, because analysts stop tuning it out. Further developments in this area should prove extremely interesting.
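As an added example (not code from the article or from any IDS product), here is the classification loop described above in miniature: a naive Bayes model trained on analyst-labelled alerts, used to score a new batch, and then updated with the analyst's verdict. The alert records, signature names and feature choices are all constructed for illustration.

```python
"""Naive Bayes scoring of signature-IDS alerts: likely false positive or likely attack."""
import math
from collections import Counter, defaultdict

# Constructed sample of analyst-labelled alerts (illustrative, not real IDS output).
# Each alert is reduced to categorical features a signature IDS already has to hand:
#   sig     - the signature that fired
#   dport   - destination port ("-" where the signature has none)
#   src_int - is the source address inside the perimeter?
#   svc     - does the target actually run the service the signature is about?
# The label is the analyst's verdict: True = real attack, False = false positive.
LABELLED_ALERTS = [
    ({"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "no", "svc": "no"}, False),
    ({"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "no", "svc": "no"}, False),
    ({"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "no", "svc": "no"}, False),
    ({"sig": "ICMP PING NMAP", "dport": "-", "src_int": "yes", "svc": "-"}, False),
    ({"sig": "ICMP PING NMAP", "dport": "-", "src_int": "yes", "svc": "-"}, False),
    ({"sig": "SNMP public access", "dport": "161", "src_int": "yes", "svc": "yes"}, False),
    ({"sig": "SNMP public access", "dport": "161", "src_int": "yes", "svc": "yes"}, False),
    ({"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "yes", "svc": "no"}, False),
    ({"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "no", "svc": "yes"}, True),
    ({"sig": "MS-SQL worm propagation", "dport": "1434", "src_int": "no", "svc": "yes"}, True),
    ({"sig": "MS-SQL worm propagation", "dport": "1434", "src_int": "no", "svc": "yes"}, True),
    ({"sig": "SNMP public access", "dport": "161", "src_int": "no", "svc": "yes"}, True),
    ({"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "no", "svc": "yes"}, True),
]

# Constructed batch of new, unlabelled alerts to triage.
NEW_ALERTS = [
    {"sig": "WEB-IIS cmd.exe", "dport": "80", "src_int": "no", "svc": "no"},
    {"sig": "MS-SQL worm propagation", "dport": "1434", "src_int": "no", "svc": "yes"},
    {"sig": "ICMP PING NMAP", "dport": "-", "src_int": "yes", "svc": "-"},
    {"sig": "FTP EXPLOIT wu-ftpd", "dport": "21", "src_int": "no", "svc": "yes"},  # unseen signature
]


class AlertClassifier:
    """Categorical naive Bayes with additive (Laplace) smoothing, updatable one alert at a time."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()               # label -> number of alerts seen
        self.feature_counts = defaultdict(Counter)  # (label, feature) -> Counter of values
        self.feature_values = defaultdict(set)      # feature -> all values seen so far

    def update(self, features, is_attack):
        """Fold one analyst-labelled alert into the model (the feedback loop)."""
        self.class_counts[is_attack] += 1
        for name, value in features.items():
            self.feature_counts[(is_attack, name)][value] += 1
            self.feature_values[name].add(value)

    def p_attack(self, features):
        """Posterior probability that an alert with these features is a real attack."""
        total = sum(self.class_counts.values())
        log_post = {}
        for label in (True, False):
            n_label = self.class_counts[label]
            lp = math.log((n_label + self.alpha) / (total + 2 * self.alpha))  # class prior
            for name, value in features.items():
                # +1 keeps some probability mass for values never seen in training
                n_values = len(self.feature_values[name]) + 1
                count = self.feature_counts[(label, name)][value]
                lp += math.log((count + self.alpha) / (n_label + self.alpha * n_values))
            log_post[label] = lp
        # Normalise in log space so long feature lists cannot underflow to zero.
        top = max(log_post.values())
        z = sum(math.exp(v - top) for v in log_post.values())
        return math.exp(log_post[True] - top) / z


def train(labelled, alpha=1.0):
    clf = AlertClassifier(alpha)
    for features, is_attack in labelled:
        clf.update(features, is_attack)
    return clf


def triage(clf, alerts, threshold=0.5):
    """Split alerts into those worth an analyst's time and those suppressed as probable noise.

    Suppressed alerts are returned, not discarded: they should still be logged, since a
    genuine attack that looks like past noise will land here.
    """
    review, suppressed = [], []
    for alert in alerts:
        p = clf.p_attack(alert)
        (review if p >= threshold else suppressed).append((alert, round(p, 3)))
    return review, suppressed


if __name__ == "__main__":
    model = train(LABELLED_ALERTS)
    review, suppressed = triage(model, NEW_ALERTS)
    for alert, p in review:
        print(f"REVIEW   p(attack)={p:.3f}  {alert['sig']} -> :{alert['dport']}")
    for alert, p in suppressed:
        print(f"SUPPRESS p(attack)={p:.3f}  {alert['sig']} -> :{alert['dport']}")
    # Analyst confirms a suppressed alert really was a false positive; feed it back.
    alert, _ = suppressed[0]
    model.update(alert, False)
    print(f"after feedback p(attack)={model.p_attack(alert):.3f}")
```

The features matter more than the maths: "does the target actually run the service the signature is about" is what separates a cmd.exe probe against an Apache box (noise) from the same probe against an IIS box (worth a look). The unseen FTP signature still scores high because the source and target features resemble past attacks, which is the behaviour you want from a model that is meant to surface new things rather than only suppress old ones.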

Flash madness

February 27th, 2005

My two favourite Flash pieces of the moment – She Blocked Me and French Erotic Film. The second one is really quite … weird. My sort of guys. And in general the whole Albino Black Sheep site is very cool.

Big Flash Storage Tiki Style

February 26th, 2005

Oh and I have so found a few people’s Christmas gifts – watch out Ruth, Mefcon, Zac and Feodor. You are going to get Big Flash Storage Tiki Style! Aloha!

MS and security: good effort but no cigar

February 23rd, 2005

Microsoft has taken big leaps forward in the area of security, but they aren't quite there yet. User-initiated privilege escalations scare the crap out of me. So many potential attackers are already inside your network perimeter as legitimate users of your infrastructure and applications. Those attackers already have a leg up because they are legitimate users; they don't need any additional help from Microsoft and the poor design of the Windows internal access controls and authorities.

Letters and comments

February 23rd, 2005

Some entertaining material. Firstly, a letter in yesterday’s SMH about Tony Abbott being re-united with his son.

“Dear Daniel, It could have been worse. It could have been Tony Abbott telling you that your mother was Amanda Vanstone.”

And secondly a comment from Crikey about the recent expulsion of an Israeli diplomat from Australia:

“There have been some extraordinarily tough and dashing Israelis. Miscellany’s favorite has always been Moshe Dayan.

But just how tough, brave and dashing must that expelled Israeli diplomat have been – he was going to spend Christmas with Phillip Ruddock!”

Hunter S. Thompson dead

February 21st, 2005

Acclaimed drinker and founder of ‘gonzo’ journalism, Hunter S. Thompson, is dead, apparently by his own hand. One of the greatest social commentators of the 2nd half of the 20th Century. His like will not be seen again.

Bye bye BigPong

February 18th, 2005

Okay. Given in. Finally giving BigPong the flick. After years of being a loyal customer – indeed one of the first cable customers – I have had it. Sick of putting up with the Hell Desk. Fighting tooth and nail to get them to agree to anything or to provide real technical support. From admitting they used a transparent proxy, to the world’s worst email infrastructure and the hours-long delays sending mail. Sick of weird errors, a dinky authentication client, a highly inaccurate usage meter, unexplained and unplanned outages and the highly misleading Service Status page – where the green/amber/red traffic light system seems to reflect different statuses than its traditional traffic counterparts do.

Now the straw that broke the camel’s back? Capping of cable customers via an automatic process. Now you’d think 10Gb was enough bandwidth wouldn’t you? Well the last few months of VoIP, ISO downloads and other downloads for the book, web cam and increase in email traffic have regularly blown the 10Gb mark. And being shaped to some ridiculously almost dial up speed? No thanks.

So I am leaving them. Moving on to iiNet with 8000k speeds and considerably more generous caps. So far it’s been pretty bloody perfect. All questions answered promptly. Minimal waiting times on the phone. But we will see. I have been crapped on from a great height by ISPs before. Hmmmm – perhaps I am due some luck.

“Fishing Guide to the Stars”

February 17th, 2005

Yes. I am a Virgo by star sign. But ummm…

Why you shouldn’t be using passwords of any kind on your Windows networks

February 13th, 2005

A Microsoft security engineer posts on why the password is dead. A stance I firmly agree with, though I have some reservations about the details. The author is coming from the Windows space, but the same principles apply in Unix and other OS flavours.

Passwords have a long history of being troublesome security measures: people choose bad ones, write them down, never change them and are easily socially engineered out of them. Additionally, cheap computing power and readily available tools mean it is relatively easy to sniff passwords or their hashes off the network and brute-force them offline, where no lockout policy can intervene.
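An added example (not code from this post or from the Microsoft article it links) showing the second point in working code: a handful of captured, unsalted hashes, a small mangled wordlist that recovers the short passwords but not the four-word pass phrase, and the entropy arithmetic behind the pass phrase argument the post goes on to discuss. The account names, passwords, wordlist and the one-billion-guesses-per-second rate are all constructed assumptions.

```python
"""Offline guessing against captured password hashes: why short passwords fall and pass phrases hold."""
import hashlib
import math


def digest(text):
    # Unsalted SHA-256 stands in for whatever unsalted hash a sniffer or a dump yields
    # (on Windows that would be the NT hash); the shape of the attack is the same.
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed: hashes "captured" for three accounts (not from any real system).
CAPTURED = {
    "jsmith": digest("Password1"),
    "rjones": digest("summer05!"),
    "admin": digest("correct horse battery staple"),  # a four-word pass phrase
}

# Constructed mini wordlist; a real one has millions of entries.
WORDLIST = ["password", "summer", "welcome", "letmein", "qwerty", "dragon", "monkey", "football"]


def candidates(wordlist):
    """Apply a few typical mangling rules (case, common suffixes) to each dictionary word."""
    for word in wordlist:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in ("", "1", "05", "!", "1!", "05!"):
                yield base + suffix


def dictionary_attack(captured, wordlist):
    """Return {account: cleartext} for every captured hash matched by a mangled guess."""
    by_hash = {h: user for user, h in captured.items()}
    cracked = {}
    for guess in candidates(wordlist):
        user = by_hash.get(digest(guess))
        if user is not None:
            cracked[user] = guess
    return cracked


def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits, guesses_per_second):
    """Time to search half the keyspace, i.e. the average case for an exhaustive attack."""
    return 2 ** (bits - 1) / guesses_per_second


def policy_strength(guesses_per_second=1e9):
    """Compare a random 8-character password with randomly chosen word lists.

    The word figures assume each word is drawn uniformly from a 7776-word list (the
    Diceware size). A phrase the user composes from a favourite quotation is far weaker
    than these numbers suggest, because its words are not independent draws.
    """
    policies = {
        "random 8 chars [A-Za-z0-9]": entropy_bits(62, 8),
        "4 random words": entropy_bits(7776, 4),
        "6 random words": entropy_bits(7776, 6),
    }
    return {name: (round(bits, 1), expected_crack_seconds(bits, guesses_per_second))
            for name, bits in policies.items()}


if __name__ == "__main__":
    print("cracked:", dictionary_attack(CAPTURED, WORDLIST))
    for name, (bits, secs) in policy_strength().items():
        print(f"{name:30s} {bits:5.1f} bits  ~{secs / 86400:.1f} days at 1e9 guesses/s")
```

Two things the numbers show. First, the dictionary attack never touches the keyspace size at all: "Password1" falls to a word plus one rule, whatever its nominal character-set entropy. Second, a pass phrase only earns its length if the words are actually random; the entropy figures above are for uniformly chosen words, and a salted hash changes none of this, since salting only defeats precomputed tables, not the per-hash guessing loop shown here.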

The post ventures into some interesting territory around replacing passwords with pass phrases. Though personally I think the future of authentication is probably biometrics, this use of pass phrases could be an interesting interim step, or a lesser level of security to be explored for lower-risk assets. In his explanation the author suggests that instead of using a random string of characters, such as “4fGY36jk