s l a m
WEB PUBLISHING'S FRONTIER


updated: 3/20/04; 5:26:00 PM.


activeRenderer Version 1.4 Released

Now Renders RSS Feeds - Includes New Outline Browser







© copyright 2004
by Marc Barrot

The USENIX Association

SAGE, The System Administrators Guild


Thursday, June 13, 2002
> SNMP Resources Directory

Here is a pointer to a small SNMP resources directory, available both in HTML and OPML.

I've extracted most references from John Sellens' System And Network Monitoring Tutorial at Usenix 02.
> So Long, And Thanks For All The Passwords

This catchy phrase is printed on the cool OpenBSD t-shirt I got at the expo.

Sysadmins being the cheeky fellows they are, a roster of clear text passwords captured on the conference wireless network is posted at the door of the 'terminal room'.

This room is actually sponsored by Apple Computers and filled with G4s and iMacs, which is quite a new sight for a Unix geek convention.

Even more impressive, among the thousands of laptop-toting sysadmins roaming the Monterey Conference Center, almost 1 in 4 is equipped with some variant of iBook or Powerbook.

I'm currently sitting at one of the laptop tables in the 'terminal room', next to Jordan Hubbard actually: of the 12 laptops sitting on the table, 5 come from Apple.

> Honeypots and Honeynets

In yesterday's tutorial, Marcus Ranum presented the latest data on the cracker population, as gathered by the honeynet group, and, while talking way too fast for a presentation, made a good case for honeypots as tools for intrusion detection.

Marcus defines a honeypot as "a security resource whose value lies in being probed, attacked, or compromised".

He further distinguishes between production honeypots, which are "low interaction" systems - giving the attacker access to limited resources through some sort of emulation - designed to secure an organization, and research honeypots, which are "high interaction" systems - basically giving the attacker control of a whole server - targeted at counterintelligence and gaining information on the so-called "black hat" community.

Production honeypots are getting easy to set up, thanks to a new breed of tools. I learned about honeyd during the tutorial: it compiles on most flavours of BSD, GNU/Linux and Solaris, and emulates dozens of systems, including several variations of Windows.

The nice thing about a honeypot is that nobody is supposed to access it as long as it's not advertised. Therefore, any traffic directed at the honeypot is probably suspect. Any traffic coming out of the honeypot is definitely suspect and should trigger an alarm.

Therefore, a honeypot, coupled with a station running a network sniffer such as Snort, fits nicely as a network-wide intrusion detection system.
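The triage rule described above, as an added example that is not from the tutorial or from honeyd or Snort: inbound contact with the honeypot is flagged as suspect, and a connection the honeypot starts itself raises an alarm. The record format, the addresses and the function names are constructed for illustration, and treating a reply to an earlier probe as part of the already flagged inbound conversation is an assumption of this sketch.

```python
"""Triage flow records around a honeypot: inbound is suspect, honeypot-initiated is an alarm."""
import ipaddress

HONEYPOT = ipaddress.ip_address("192.0.2.50")   # constructed address (documentation range)

# Constructed sample records, one per line: "epoch src:sport dst:dport proto"
SAMPLE_FLOWS = """\
1023962400 198.51.100.7:40112 192.0.2.50:22 tcp
1023962400 192.0.2.50:22 198.51.100.7:40112 tcp
1023962460 192.0.2.10:51515 192.0.2.20:80 tcp
1023962520 203.0.113.9:1049 192.0.2.50:137 udp
1023962900 192.0.2.50:32901 203.0.113.66:6667 tcp
"""

def parse(line):
    ts, src, dst, proto = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": int(ts), "proto": proto,
            "src": ipaddress.ip_address(sip), "sport": int(sport),
            "dst": ipaddress.ip_address(dip), "dport": int(dport)}

def classify(flows, honeypot=HONEYPOT):
    """Return (severity, record) pairs for records that involve the honeypot."""
    opened_by_peer = set()   # (peer, peer_port, honeypot_port, proto) seen inbound
    findings = []
    for f in flows:
        if f["dst"] == honeypot:
            # Nobody has a legitimate reason to talk to an unadvertised host.
            opened_by_peer.add((f["src"], f["sport"], f["dport"], f["proto"]))
            findings.append(("SUSPECT", f))
        elif f["src"] == honeypot:
            is_reply = (f["dst"], f["dport"], f["sport"], f["proto"]) in opened_by_peer
            # Traffic the honeypot starts on its own means someone is using it.
            if not is_reply:
                findings.append(("ALARM", f))
    return findings

def run(text=SAMPLE_FLOWS):
    return classify(parse(l) for l in text.splitlines() if l.strip())

if __name__ == "__main__":
    for severity, f in run():
        print(f"{severity:7} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['proto']}")
```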

> Mail Sending Mistakes

A follow-up on David Blank-Edelman's Perl for System Administration tutorial on Tuesday.

David emphasized the 3 rules a sysadmin should respect when programming some script that reports by email to its master:
  • Beware of overzealous message sending: you don't want your mailbox to be flooded by the same message repeating itself.
    • Build delay functions into the code.
    • Send aggregate messages.
  • Do not waste the subject line of the message: it is made for quick, to-the-point, if short, information.
  • Make sure the message body is relevant: include the answers to the following questions - who, where, when, what, why, what next.

I think we should add a fourth rule these days, one that mitigates the third one some: do not assume you'll be the only person reading the message.

All SMTP traffic goes out in the clear, and is a prime target for any network sniffer. This is not paranoia, this is renewed experience.

If your script report includes sensitive or revealing data, encrypt it (with GnuPG for instance, and Ashish Gulhati's Crypt::GPG module) before sending it, or store it on some restricted access web server, and include a link in the body of the message.
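The four rules above combined in one reporting helper, as an added example that is not code from the tutorial: repeated events are aggregated, sending is throttled by a minimum delay, the subject carries the summary, and the body answers who, where, when, what, why and what next. It is written in Python and calls the gpg command line rather than the Crypt::GPG module; `AlertDigest`, `gpg_encrypt` and their parameters are hypothetical names, and the recipient key is assumed to be present and trusted in the local keyring.

```python
"""Aggregated, throttled alert mail with an optional encryption step (illustrative names)."""
import socket, subprocess, time
from email.message import EmailMessage

def gpg_encrypt(text, key_id):
    # Assumes gpg is installed and key_id is in the keyring and trusted.
    out = subprocess.run(["gpg", "--batch", "--armor", "--encrypt", "--recipient", key_id],
                         input=text.encode(), capture_output=True, check=True)
    return out.stdout.decode()

class AlertDigest:
    def __init__(self, script, min_interval=900, clock=time.time):
        self.script, self.min_interval, self.clock = script, min_interval, clock
        self.pending = {}        # (what, why, what_next) -> [count, first_seen, last_seen]
        self.last_sent = None

    def add(self, what, why, what_next):
        now = self.clock()
        entry = self.pending.setdefault((what, why, what_next), [0, now, now])
        entry[0] += 1            # identical events collapse into one counted entry
        entry[2] = now

    def flush(self, sender, recipient, encrypt=None):
        """Return one aggregated message, or None if nothing is pending or the delay has not elapsed."""
        now = self.clock()
        if not self.pending:
            return None
        if self.last_sent is not None and now - self.last_sent < self.min_interval:
            return None          # rule 1: keep collecting instead of mailing again
        host = socket.gethostname()
        total = sum(e[0] for e in self.pending.values())
        headline = next(iter(self.pending))[0]
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, recipient
        # Rule 2: the subject alone should tell the reader what happened and how often.
        msg["Subject"] = f"[{self.script}@{host}] {headline} ({total} events, {len(self.pending)} distinct)"
        lines = []
        for (what, why, what_next), (count, first, last) in self.pending.items():
            lines += [f"who:       {self.script}", f"where:     {host}",
                      f"when:      {time.ctime(first)} to {time.ctime(last)} (x{count})",
                      f"what:      {what}", f"why:       {why}",
                      f"what next: {what_next}", ""]
        body = "\n".join(lines)
        # Rule 4: SMTP is clear text, so encrypt the body when it is sensitive.
        msg.set_content(encrypt(body) if encrypt else body)
        self.pending.clear()
        self.last_sent = now
        return msg
```

Pass `encrypt=lambda body: gpg_encrypt(body, key_id)` to `flush` for reports that contain sensitive data; the subject line is still sent in the clear, so keep revealing details out of it.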

> activeRenderer Beta for Windows

A couple of beta testers have come up with an issue in the installation of activeRenderer's weblog outline style on Microsoft Windows systems.

It looks as if UserTalk does not handle the \n character as a new line marker in a cross-platform way.

I've modified the installation procedure in beta 5 to handle the end of line marker correctly according to the local system, \r ( 0x0d ) for MacOS, \r\n ( 0x0d0a ) for Windows.

Testers who have run into this problem in Windows can either correct their #prefs.txt manually with their favorite text editor, or restore their backed up version of the file (activeRenderer created one in www/gems/activeRenderer/backup), or upgrade to beta 5 and restart Radio.

> Chimera 0.3 Is Here

And it is way faster at rendering anti-aliased text on my Powerbook G4 than version 0.2.8 was. I suppose it uses the upgraded Quartz API provided by MacOS X 10.1.5. The aptly named Chimera is an attempt at the impossible: porting the Mozilla browser code to the Apple Cocoa developing platform.

