Network Monitoring SIG News 2007

The very interactive 4th NM-SIG meeting was held on Wednesday 17th October in Noordwijk (NL), before the GOVCERT.NL-symposium. Around 14 people attended the meeting. With hindsight...

SWITCH-CERT has released nfdump-1.5.6. It includes:

  • Fix odd CISCO behaviour for ICMP type/code in src port.
  • Add fast LZO1X-1 compression option (-z) for output file.
  • Add lists for port in syntax -> port in [ 135 137 445]
  • Add lists for AS syntax -> as in [ 1024 1025 ]
  • Bug fix in filter for syntax 'src as and dst as'

The third meeting of the NM-SIG was held on Thursday 21 June 2007, during the FIRST conference in Seville. Around 35 attendees joined discussions on various topics. The minutes of the meeting will be available for NM-SIG members soon.

CERT Polska updated the public interface of the Arakis early warning system. Statistics from honeynets, darknets, firewalls and antivirus systems are now available, along with information about new packet payloads seen on honeypots, all in English.