Internet Security Operations and Intelligence - a DA Workshop

Hosted by Cisco Systems, Inc., with a dinner sponsored by the ISC (Internet Software Consortium).

August 10th, 2006. Cisco Systems, Inc. Building C, San Jose - California.

Agenda
09:00 - 09:05 - Preview of the day - Gadi Evron (Beyond Security)
09:05 - 09:30 - Early sessions - Botnets from different perspectives - Hosted by Paul Vixie (ISC):
ISPs - Jim Deleskie (VSNL International)
Anti Virus industry - Joe Hartmann (Trend Micro)
DynDNS providers - Joshua Anderson (Afraid)
Anti spam and reputation services - Dave Crocker (Brandenburg InternetWorking)

Main Lectures:
09:30 - 10:10 Key-note: "Bot, Botnets, Sandbox, Impact" Righard J. Zwienenberg (Norman)
10:10 - 10:45 "MSRC Malware/Exploit Zero Day Response - Case Studies" Greg Galford (Microsoft)
10:45 - 11:20 "The Rough Road Around Us in Botnet Tracking" Jose Nazario (Arbor)
11:20 - 11:55 "Malcode Toolkit Profiteering: Feeding the Trend in M.O. from Fame to Fortune" Hubbard Dan (Websense)
11:55 - 12:30 Lunch break Got chow?
12:30 - 13:05 Case Study: *** Levi Gundert (US Secret Service)
13:05 - 13:40 "Recent Bots Detection Information from Microsoft Security Products" Ziv Mador (Microsoft)
13:40 - 14:25 "Router Stress: An Under the Hood Look at How a Router is Really Attacked and DOSed" Barry Raveendran Greene (Cisco)
14:25 - 15:00 "What Keeps Us Up at Night: New & Advanced Difficult to Mitigate DDoS Attacks" Darrel Lewis (Cisco)
15:00 - 15:35 "Phishing and Botnets Organized Crime: Globalization and Technology Intelligence Update" Gadi Evron (Beyond Security)
15:35 - 16:10 TBA Jerry Dixon (US-CERT, DHS)

16:10 - 16:20 - Short break.

Turbo talks:
16:20 - 16:35 "The Global Infection Rate" Rick Wesson (Alice's Registry)
16:35 - 16:50 "Fast-flux Botnet C&C Servers - Detection & Mitigation" Randy Vaughn (Baylor)
16:50 - 17:05 "Winnowing Aggregated Anycast Recursive DNS Streams: A Tool in Threat Detection, Mitigation and Analysis" David Ulevitch (EveryDNS / OpenDNS)
17:05 - 17:20 "Getting More out of Sandbox Technology: Automated Analysis of Malware & Bots" Eric Sites (Sunbelt Software)
17:20 - 17:35 "TorTeams: Automatic Anonymization Using VMWare Teams" David Dagon

17:45 - 17:50 - Short break.

17:50 - 19:00 - Community discussion subjects:
"The Past Year in Activity" Gadi Evron
"Law Enforcement Cooperation Operations" TBA
"Creating More Actionable Intelligence" TBA
"The Ratout AS-based Reporting System, Overview and Future Development" Randy Vaughn
"Activity for the Coming Year" Gadi Evron

19:30 - TBD - After-party dinner. Hosted by the ISC.

Introduction
The purpose of this workshop is to bring together members of the DA
and MWP operational communities to share information and plan our
future operations.

It is open to other operational communities as specified below.

Among the attendees are:
Professionals from ISPs, Anti Viruses, Anti Spam, CERTs, Law Enforcement,
Academia, etc. coming together to work on the most recent technology,
intelligence and operations being done online today for the security of
the Internet.

This ISOI DA Workshop is being hosted by Cisco Systems, Inc., whom we
would like to thank at this time.
After the workshop, a free-of-charge dinner for attendees will be sponsored
by the ISC (Internet Software Consortium).

CFP
The call for papers is open to the public. The main subject of interest is
botnets. Secondary subjects are Denial of Service attacks and phishing.
Submission is simple: email me directly with your topic and some data to
back it up by July 23rd.

The Call for Papers is now closed.

Scope
This year's workshop will be mainly on the subject of botnets. Secondary
subjects include Denial of Service attacks and phishing.

This workshop will provide the usual benefits such as lectures and
networking, but mostly we will discuss the latest occurrences, technology
and intelligence and our future plans, as well as coordination and
information sharing between other operational and research communities.

Cooperation with law enforcement will also be covered.

Details
Date: Thursday, August 10, 2006
When: 9:00 a.m. - 7:00 p.m.
Location: Cisco Systems, Inc. Building C
150 Tasman Drive
San Jose, CA 95134

After-party dinner: 7:00 p.m. - TBD.

Attending Remotely
A phone conference bridge and web conference will be available to share
presentations for remote attendees.

Intended Audience
Hands-on people and decision makers.

Attendance
The workshop is organized by the DA and MWP communities with the much
appreciated help of Cisco Systems, Inc., and is open only for members
of the following communities:
DA, MWP (and sister communities such as routesec), OARC, NSP-SEC, FIRST
and the honey-net project.

If you are not a member and would like to attend, feel free to send a
request. We would be happy to learn of your interest.

The workshop is closed to reporters.

Please verify your arrival by August 1st; space is limited.

Costs
Attendance is free.

Contact
Gadi Evron, ISOI/DA Coordinator and Workshop Organizer,
ge@linuxbox.org.

Logistics:
Ellen Chandra

Many thanks to:
Roland Dobbins, Randy Abrams, Barry Raveendran Greene,
Ellen Chandra, Paul Vixie, Joe Hartmann, Nick FitzGerald,
Donald Smith and Randy Vaughn.