The February meeting of the Hampton Roads Snort Users' Group (HRSUG) will be held at 7:00 PM on Wednesday, February 8th. We're fortunate enough to have Sourcefire's Judy Novak as our guest speaker. I've included Judy's bio and presentation abstract below. She literally "wrote the book" on Intrusion Detection, so I know you won't want to miss her presentation!
Date: 8 Feb 2006
Place: Williamsburg Regional Library
515 Scotland Street
Judy Novak's Bio
Judy Novak is a research engineer on Sourcefire's Vulnerability Research Team where she mangles packets for fun and research. She is the co-author of "Network Intrusion Detection". She has written and still maintains SANS "Intrusion Detection In-Depth" courseware. She has several patents pending for work performed at Sourcefire in passive operating system detection and target-based identification of fragmentation and TCP stream reassembly.
Judy's presentation, entitled "Target-Based TCP Stream Segment Overlaps", discusses current research and future functionality of Snort's upcoming stream5 TCP preprocessor. She will demonstrate how overlapping TCP segments can be used to identify a remote operating system by crafting packets using a tool known as scapy. This talk assumes the audience has a basic understanding of TCP.