I have been developing free software since the end of the 20th century. I mainly work on software related to networking and security.
Personal projects
I have started the following projects:
- NuFW: the authenticating firewall
- Nulog: Netfilter log analysis
- NuApplet: A NuFW client under the form of a GTK applet
- NF3D: a Netfilter visualisation tool
- lagfactory: a script to simulate a high-latency network on top of a standard one
- coccigrep: a semantic grep based on coccinelle
- opensvp: a firewall testing tool
- suriwire: a plugin for Wireshark which displays Suricata alerts
Contributions
I am part of the Suricata coding staff. I worked on the IPS part of the Suricata engine and in other areas, mostly related to optimization.
I am an emeritus member of the Netfilter core team, and I was the maintainer of ulogd2, the userspace logging daemon for Netfilter/iptables.
You can get detailed information about some of my contributions on my GitHub account.
Introduction
nf3d is a Netfilter visualisation tool. It displays connections and logged packets in the style of a Gantt chart. The nf3d sources are hosted on GitHub: nf3d source
Download latest version: nf3d-0.8.tar.gz
This visualisation method can be used to see and detect attacks. For example, the following image is the trace of an SSH scan:
...
Suri-stats is a small script based on IPython and matplotlib. It lets you load a Suricata stats.log file; once loaded, you can graph the counters it contains.
Suri-stats is hosted on GitHub: https://github.com/regit/suri-stats
Introduction
Opensvp is a security tool implementing attacks in order to test the resistance of firewalls to protocol-level attacks. It implements classic attacks as well as some new kinds of attacks against application layer gateways (called helpers in the Netfilter world).
The document Secure use of iptables and connection tracking helpers describes the protection method against this type of attack for a Netfilter firewall.
Download and more
The project is hosted on GitHub:
...
Introduction
Suriwire is a plugin for Wireshark which displays Suricata alerts and protocol information for a pcap file inside the Wireshark output. Suriwire uses Suricata's EVE JSON log file to generate the information shown inside Wireshark, and therefore requires at least Suricata 2.0.
Suriwire has the following features:
- Display of alerts in the expert info window
- Display of alerts on a packet in the packet details
- Filtering of the Wireshark output using signature fields, such as a given sid or the content of a signature message
- Display of protocol information, such as TLS and SSH, in the expert info window and packet details
- Filtering of the Wireshark output using Suricata-extracted protocol fields, such as the TLS subject DN
For example, you can filter on all TLS subjects matching a string like 'microsoft' by using the filter suricata.tls.subject contains "microsoft":
...
Introduction
coccigrep is a semantic grep for the C language based on coccinelle. It can be used to find where a given structure is used in C source files. coccigrep depends on the spatch program, which comes with coccinelle.
Download and source
The latest version is 1.13: coccigrep-1.13.tar.gz
The source can be accessed via GitHub.
Examples
To find where in a set of files the structure named Packet is used, you can run:
...