final agenda for August 10th DA Workshop
Probably will have final tweaks. Web site: http://isotf.org/isoi.html Please note, aside to bringing us all together, one of the main goals is seeing the different perspectives and current operations of the different sides of the fight. Namely: Law enforcement, Anti Viruses, Anti Spam, Dynamic DNS Porviders and ISP's. So far, 67 spots out of 75 available at the Cisco facility in San Jose are taken. The agenda is quite tight. Thank you all for your support in setting this up at such short notice, and for the community for getting involved beyond the closed circle groups. Even if the participation vetting remains only for the closed groups, some CFP submissions have been very interesting and allowed. As the communities around DA and MWP were originally started from NANOG and an AV-ers list, I am very glad the NANOG community remains involved at the level it does. Agenda ------ 09:00 - 09:05 - Preview of the day - Gadi Evron (Beyond Security) 09:05 - 09:30 - Early sessions - botnets from different perspectives, hosted by Paul Vixie (ISC): ISP's Barry Greene (Cisco) Anti Virus industry Joe Hartmann (Trend Micro) DynDNS providers Joshua Anderson (Afraid) Anti spam and reputation services Dave Crocker (Brandenburg InternetWorking) Main Lectures: 09:30 - 10:10 Key-note: "Bot, Botnets, Sandbox, Impact" Righard J. Zwienenberg (Norman) 10:10 - 10:45 "MSRC Malware/Exploit Zero Day Response - Case Studies" Greg Galford (Microsoft) 10:45 - 11:20 "The Rough Road Around Us in Botnet Tracking" Jose Nazarijo (Arbor) 11:20 - 11:55 "Malcode Toolkit Profiteering: Feeding the Trend in M.O. from Fame to Fortune" Hubbard Dan (Websense) 11:55 - 12:30 Lunch break Got chow? 12:30 - 13:05 Case Study: *** Levi Gundert (US Secret Service) 13:05 - 13:40 "Recent Bots Detection Information from Microsoft Security Products" Ziv Mador (Microsoft) 13:40 - 14:25 "Router Stress: An Under the Hood Look at How a Router is Really Attacked and DOSed" Barry Raveendran Greene (Cisco) 14:25 - 15:00 "What Keeps Us Up at Night: New & Advanced Difficult to Mitigate DDoS Attacks" Darrel Lewis (Cisco) 15:00 - 15:35 "Phishing and Botnets Organized Crime: Globalization and Tehnology Intelligence Update" Gadi Evron (Beyond Security) 15:35 - 16:10 TBA Jerry Dixon (US-CERT, DHS) Turbo talks: 16:20 - 16:35 "The Global Infection Rate" Rick Wesson (Alice's Registry) 16:35 - 16:50 "Fast-flux Botnet C&C Servers - Detection & Mitigation" Randy Vaughn (Baylor) 16:50 - 17:10 TBA David Ulevitch (EveryDNS / OpenDNS) 17:10 - 18:30 - Community discussion subjects: "The Past Year in Activity" Gadi Evron "Law Enforcement Cooperation Operations TBA "Creating More Actionable Intelligence" TBA "The Ratout AS-based Reporting System, Overview and Future Development" Randy Vaughn "Activity for the Coming Year" Gadi Evron After-party: Dinner, hosted by the ISC. Gadi.
On Fri, 21 Jul 2006 19:25:46 CDT, Gadi Evron said:
Please note, aside to bringing us all together, one of the main goals is seeing the different perspectives and current operations of the different sides of the fight.
The agenda is quite tight.
Perhaps *too* tight. When I was at Usenix SRUTI '05 last year, the single biggest problem with an otherwise good workshop was a lack of cross-pollination time. And that schedule was nowhere *near* as tight, and fewer attendees. Remember that the hallway track of a conference is where much of the most interesting stuff happens: http://www.google.com/search?q=conference+%22hallway+track%22
11:55 - 12:30 Lunch break Got chow?
Indicative of the problem. 3 hours of sessions, followed by only a half hour to eat *and* discuss (at SRUTI, it was an hour, lunch was provided, and it *still* wasn't enough time to eat and discuss as well). Then another 6 hours of sessions scheduled with only a 10 minute break.
The agenda is quite tight.
Perhaps *too* tight. When I was at Usenix SRUTI '05 last year, the single biggest problem with an otherwise good workshop was a lack of cross-pollination time.
agreed. (i was on the progcomm for that; thanks for your kind words.)
Remember that the hallway track of a conference is where much of the most interesting stuff happens:
http://www.google.com/search?q=conference+%22hallway+track%22
11:55 - 12:30 Lunch break Got chow?
Indicative of the problem.
also agreed. which is why there's this little ditty at the end: After-party: Dinner, hosted by the ISC. this is "pizza and beer in the warehouse" but it'll allow cross-pollination. -- Paul Vixie
On 22 Jul 2006, Paul Vixie wrote:
The agenda is quite tight.
Perhaps *too* tight. When I was at Usenix SRUTI '05 last year, the single biggest problem with an otherwise good workshop was a lack of cross-pollination time.
agreed. (i was on the progcomm for that; thanks for your kind words.)
Remember that the hallway track of a conference is where much of the most interesting stuff happens:
http://www.google.com/search?q=conference+%22hallway+track%22
11:55 - 12:30 Lunch break Got chow?
Indicative of the problem.
also agreed. which is why there's this little ditty at the end:
After-party: Dinner, hosted by the ISC.
this is "pizza and beer in the warehouse" but it'll allow cross-pollination.
At this point in time I would like to publicly thank Cisco for the space, and Paul at the ISC for the after-party dinner.
-- Paul Vixie
On Sat, 22 Jul 2006 Valdis.Kletnieks@vt.edu wrote:
On Fri, 21 Jul 2006 19:25:46 CDT, Gadi Evron said:
Please note, aside to bringing us all together, one of the main goals is seeing the different perspectives and current operations of the different sides of the fight.
The agenda is quite tight.
Perhaps *too* tight. When I was at Usenix SRUTI '05 last year, the single biggest problem with an otherwise good workshop was a lack of cross-pollination time. And that schedule was nowhere *near* as tight, and fewer attendees.
Remember that the hallway track of a conference is where much of the most interesting stuff happens:
http://www.google.com/search?q=conference+%22hallway+track%22
11:55 - 12:30 Lunch break Got chow?
Indicative of the problem. 3 hours of sessions, followed by only a half hour to eat *and* discuss (at SRUTI, it was an hour, lunch was provided, and it *still* wasn't enough time to eat and discuss as well). Then another 6 hours of sessions scheduled with only a 10 minute break.
You are, of course right. You should keep in mind we all work with these issues on a daily bases for a while now. If any of us can't keep up with the brief to-the-point tech and strategy talks, well.. oh well. The workshop itself is an open enviroment, with food and driks served at one wall and free wireless access. Further, you should keep in mind most of us know each other well. Not that it would change much, but there is another 10 minutes break later in the day and the evening to discuss over beer. Plus a life-time to continue on our respective lists. That said, you are right and we will aim to do better next time. Just be careful, because I fully intend to dump at least some of the work on your shoulders next time. :) Gadi.
participants (3)
-
Gadi Evron
-
Paul Vixie
-
Valdis.Kletnieks@vt.edu