Proposed LOBSTER News Update
- Subject: Proposed LOBSTER News Update
- From: Kevin Meynell <meynell@xxxxxxxxxx>
- Date: Fri, 14 Sep 2007 08:12:43 +0100
LOBSTER News
12/09/2007
Updates from the LOBSTER IST project...
* LOBSTER now has 47 passive Internet monitoring sensors deployed in
Bulgaria, Cyprus, the Czech Republic, Greece, FYR Macedonia,
Montenegro, the Netherlands, Norway (including Svalbard), Serbia, and
Spain, as well as Singapore and the United States. The locations of
the sensors are plotted using Google Maps, and their traffic data can
be examined by clicking on each icon (see http://lobster.ics.forth.gr/~appmon/).
* The deployed LOBSTER sensors monitor more than 2 million IP
addresses, and the aggregate traffic capacity on the monitoring links
exceeds 45 Gbps. More than 600,000 cyberattacks have been detected
and captured by the sensors.
* Anonymised payload traces of the cyberattacks captured by the
LOBSTER sensors are made publicly available for research purposes
(see http://lobster.ics.forth.gr/traces/).
* The LOBSTER sensors utilise commodity PC hardware with a variety of
network adapters (which include the specialised DAG card as well as
regular NICs), and run software developed by the LOBSTER project.
This software is available on a bootable Linux CD that allows users
to easily try it out before installation (see
http://www.ist-lobster.eu/downloads/lobster.iso).
* The project has released a new version of the Stager application
(see http://software.uninett.no/stager/). This is a system for
aggregating and presenting network statistics, and although tailored
for using NetFlow data, it is generic and can be customised to
present and process any kind of network statistics. The back-end
collects data with flow-tools, and stores reports in a database
before automatically producing daily, weekly and/or monthly
statistics. A web front-end can present data as tables, matrices or
plots, with fully customisable reports.
* The project has released a new version of the Ruler language that
allows for high-speed matching and rewriting of network traffic based
on regular expressions (see http://projects.gforge.cs.vu.nl/ruler/).
The language is simple to use, as well as being extremely powerful
and fast (payload scanning at gigabits per second). Back-ends exist
for general-purpose CPUs, Intel IXP2400 network processors and Xilinx FPGAs.
* Rulerproxy is a complementary Linux-based program that allows one
to apply Ruler filters to reassembled TCP streams (e.g. to scan for
worms, unwanted content, or to rewrite/anonymise regex patterns).