I’ve finally given in to the hype and got an account on Twitter. I must say that so far I’m liking it more than I expected. It seems almost everyone from the infosec community is active on the service. I am updating it nearly daily about (among other things) the OISF development I’m doing.
This year there will be a lot of work that needs to be done for the Open Infosec Foundation. And like I wrote a few days ago, a lot of work is already being done. However, most of it is unpaid at this time as it will be some months before our funding comes in. So at least until then I’m available and looking for contract work.
For the last two years I’ve been doing work as a contractor in the (open source) security field. My experience is mostly in coding in C and Perl, primarily on Snort and Snort_inline. Recently I created the (Perl language) SidReporter program for Emerging Threats. Areas I worked in: IPv6 IDS/IPS coding, signature writing, Web Application Firewalls, threading, bandwidth accounting, and more…
This site is hosted on a server at my home and is connected using my DSL connection. Next weekend I’m moving and the DSL has to be moved as well. Since that usually takes a few weeks here, I had to move the blog (and my mailserver) elsewhere for a while. Luckily Adi Kriegisch provided me with access to a server, so yesterday both my mailserver and weblog were moved. I have no native IPv6 connection there so I’ve disabled IPv6 access for now. Maybe I’ll try to restore it later. As far as I can see everything works, but if you see any problems please let me know! Big thanks to Adi for hosting my site!
This is my first blog post in 2007, so let me start by wishing everyone a good and healthy new year. In the new year I finally released a new version of Vuurmuur. It was the longest period between two releases, the last one was in April 06. The last year has been pretty hectic, with my graduation, looking for work, and now working… Also I’ve been stepping up work on Snort_inline and Modsec2sguil, which all took away coding time from Vuurmuur.
Of course, just after the new release came out, I discovered some problems with the connection killing functionality, and a new alpha release partly fixing that is already out. Partly, since I still have some fixes to make. The release got a fair amount of publicity since it was mentioned on the Dutch computer enthusiast site tweakers.net. The server that hosts the wiki (and the screenshots) nearly collapsed under the requests, but luckily I could adapt its config in time to bring the load down from 18 to 2.
Looking ahead, I intend to get a new release out fairly quickly, hopefully even this month. The focus of this release will be fixing the bugs from 0.5.72. Looking further ahead, the main focus will be the setup wizard, which should help new users to get going quickly. Adi is working on an updated autobuild server that can also support the newer versions of Debian and Ubuntu. He will also be looking at adding support for rpm-building.
I’m also thinking about modifying the iptables rules that Vuurmuur creates, to better handle traffic marking, add support for the classify target and support nfqueue. But it will be a while before work on that will start…
I’m back from my vacation which was very nice. Hardly did any geek stuff, other than meeting up with Philippe, who lives in Paris. It was the first time I met someone I got to know through the Vuurmuur project.
So with Snort_inline things aren’t moving as fast as I hoped, but there is certainly progress. I’m currently hunting for a few bugs. First of all I’ve seen it segfault on me once. Sadly I had forgotten to enable coredumps, so no clue as to why. Second, William and I have been ironing out some issues where the new stream4 mode was getting mixed up with the old. I think these are pretty much taken care of now. Third, there is a bug where a unified alert fired by http_inspect doesn’t contain a payload. Finally, I’m hunting what appears to be a heisenbug in the new stream reassembly, because I’ve never encountered it since I started actually looking for it.
Still it has been running on my gateway with good stability and performance for a few weeks now. So I think that if we can find the http_inspect issue, we should be ready for a beta release…
Yesterday the talks between me and my employer of the last five years broke down in disagreement. The company where I have been working as a part-time System Admin for the last five years alongside my studies offered me a job in their web development team. It wasn’t security related, but it sounded interesting enough since I would mostly work on the backend where connections with databases and third parties would be handled. Anyway, the talks broke down so I’m now looking for work.
My work experience in the IT field consists of the two jobs I currently (still) have. The first is as a part-time System Admin in a very competitive company operating in the travel market. It is a mostly Windows environment, with more than fifty workstations and about fifteen servers. Here I have done all administration for about three years, after which I got someone to support me. From that moment I have been working on the more difficult issues, planning new projects and preparing work for my co-worker.
The other job is a part-time position at a small IT consultancy company. Here my main focus was on setting up and administering Linux firewalls, email servers and database servers, as well as some limited development work. Next to this I was involved in supporting the consultant in thinking through advice to customers on a broad range of issues.
I just graduated in August, and hold a Masters degree in a non-IT related field.
I’m especially interested in security work of course, since that has been my passion for the last couple of years. I have been working on a firewall project, an IPS project and an NSM project. My programming skills are mostly C, but also Perl, Bash and to a lesser degree C#. This experience ranges from socket programming and complex data structures to GUI programming and performance critical programming. I know a lot about firewalls, IDSs and IPSs, and TCP/IP in general.
So, if you know of any interesting security project, tell me!