October 7th Chicago2600 Meeting information
The meeting will have all of the usual. As well as the presentation, there will be DJ Cliche Darkness playing all night, general discussion, and all-around madness until more than likely 7-10am Sat morning. Nigel will be on at 8:30 (approx) and will be discussing snort and IDS systems, and possibly vulnerability research and IDS evasion as well. Nigel will lean toward the technical side more than anything, so make sure you read up! More information on snort can be found on snort's website (www.snort.org). More information will be provided at Chicago2600's website as it becomes available (chicago2600.net).
-=Presentation Information=-
Target-based IDS: The future of the Industry.
First generation solutions, including IPS, suffer from lack of information that leads to ambiguity: sensors operate with no compositional knowledge of the network components they are defending. This compositional vacuum leads to false positives/negatives and evasions, like those highlighted as early as 1998 by Ptacek and Newsham.
To solve this, Sourcefire is developing what it refers to as a target-based detection engine that auto-configures itself in real-time based on the attributes of the targeted system. This target-based methodology requires a continuous feed of all the attribute data for all the devices on the protected network, even as it evolves; this information is provided by Sourcefire RNA.
Sourcefire is leveraging RNA's network intelligence by making mechanisms such as IP defragmenters and TCP stream reassemblers fully target aware and able to configure themselves accordingly. Additionally, the detection engine can model application layer data properly so application layer evasion attempts are much more difficult. The target-based detection engine policy application occurs at a per-flow level of granularity, maximizing the blocking capability while minimizing chances of accidental DoS as a result of false positives or misapplication of policies to improper targets.
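The ambiguity the abstract describes, as an added example that is not part of the original announcement and is not Sourcefire's or Snort's code: a toy reassembler with two simplified overlap policies, where the sensor picks the policy per destination host. The host addresses, the policy table (standing in for the attribute feed), the fragments and the signature are all constructed for illustration.

```python
# Added illustration: why a sensor must reassemble overlapping fragments
# the same way the destination host does. All values are constructed.

# Hypothetical per-host attribute table (stand-in for a network attribute feed).
HOST_POLICY = {
    "10.0.0.5": "first",  # host keeps the bytes that arrived first
    "10.0.0.9": "last",   # host lets later fragments overwrite earlier bytes
}

SIGNATURE = b"BLOCKME"    # constructed pattern the sensor alerts on

# Constructed fragments as (offset, payload), in arrival order.
# The second fragment overlaps bytes 4..6 of the first.
FRAGS = [(0, b"BLOCXXX"), (4, b"KME")]


def reassemble(fragments, policy):
    """Rebuild the payload using a 'first' or 'last' overlap policy."""
    if policy not in ("first", "last"):
        raise ValueError("unknown policy: %r" % policy)
    size = max(off + len(data) for off, data in fragments)
    buf = bytearray(size)
    filled = [False] * size
    for off, data in fragments:
        for i, byte in enumerate(data):
            pos = off + i
            if policy == "first" and filled[pos]:
                continue  # keep the byte that arrived first
            buf[pos] = byte
            filled[pos] = True
    return bytes(buf)


def fixed_sensor_alerts(fragments, policy="first"):
    """First-generation behaviour: one policy for every destination."""
    return SIGNATURE in reassemble(fragments, policy)


def target_based_alerts(dst, fragments, default="first"):
    """Target-based behaviour: reassemble the way the destination would."""
    policy = HOST_POLICY.get(dst, default)
    return SIGNATURE in reassemble(fragments, policy)


if __name__ == "__main__":
    for host in sorted(HOST_POLICY):
        print(host, "host sees:", reassemble(FRAGS, HOST_POLICY[host]),
              "| fixed sensor:", fixed_sensor_alerts(FRAGS),
              "| target-based:", target_based_alerts(host, FRAGS))
```

With one fixed policy the sensor either misses what 10.0.0.9 actually receives or, configured the other way, alerts on traffic that 10.0.0.5 never reassembles into the pattern; choosing the policy per flow removes both errors.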
-=Location=-
Neighborhood Boys and Girls Club
2501 W. Irving Park Rd.
Irving Park Rd. and Campbell Ave.
Chicago, Illinois 60618
Time: 7:00 P.M.
-=Directions Coming From The North Suburbs=-
* Taking either I90 or I94
* Take 90/94 to Exit 44A (Irving Park Rd.)
* Turn Left onto Irving Park Rd.
* Take Irving Park Rd. down to Campbell Ave.
* Turn Right onto Campbell. Park in the lot behind the BGC
-=Directions Coming From Downtown and the South and West Suburbs=-
* First Alternative: Take 290 West to 90/94 West
* Second Alternative: Take I55 North to 90/94 West (Traffic can be
bad; consider an alternate route on downtown surface streets if 90/94 is
backed up badly.)
* Take 90/94 West to exit 47A (Fullerton/Western Ave.)
* Through the light at Fullerton and down to Western.
* Turn Right onto Western Ave.
* Take Western Ave. to Irving Park Rd.
* Turn Left onto Irving Park Rd.
* Take Irving Park Rd. 1 block to Campbell
* Turn Left onto Campbell
* Park behind the BGC
-=Alternate Route for Downtown/West/South Commuters=-
* Head into the city
* Go all the way east to Lake Shore Drive
* Take Lake Shore Drive to Irving Park Rd.
* Take Irving Park Rd. down to Campbell Ave.
* Turn Left onto Campbell. Park in the lot behind the BGC
-=Who We Are=-
2600 is a group of people who are enthusiastic about technology, its
uses, and the benefits that it can bring to people. Areas of interest
are highly variable.
Moreover, they're eager and willing to teach what they know to people
who wish to learn.
Some of the areas of interest in the Chicago 2600 group are:
* Computer Hardware
* Computer Operating Systems
* Telephony
* Computer Networking
* Network Security
* Vulnerability Research
* Computer Programming
* Ham Radio
* Web Development
* Social Engineering
Note: This list is, by no means, complete. We are as varied as our members.