[unisog] An help for a thesis

Peter Van Epp vanepp at sfu.ca
Tue Nov 16 18:01:15 GMT 2004


	While it isn't entirely clear to me what you are hoping we can do for
you, assuming it is supply trace files in tcpdump format, then I expect that 
the Black Hat Briefings capture-the-flag network traces at 

http://www.shmoo.com/cctf/ 

are probably what you are looking for. These are traces from the test attack 
network at the Black Hat Briefings and thus should be full of all kinds of 
attacks.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Mon, Nov 15, 2004 at 09:11:18PM +0000, mmunaret at studenti.math.unipd.it wrote:
> 
> 
> Hi y'all, I am doing research for a thesis in intrusion detector learning but
> I have some problems sniffing a proper net.
> I am using a tcpdump log file to extrapolate some features that I need, like the
> length of the connection, the protocol type, the service and so on but I need to
> have other information like:
> "wrong fragment", urgent, connections that have SYN/REJ errors and so on.
> 
> Just for an example, features written here:
> www.kdd.ics.uci.edu/databases/kddcup99/task.html
> are ones that I use.
> Thank you so much for your contribution even if it is not a fully security issue.
> 
> -----------------------------
> Matteo Munaretto
> University of Padova - Italy
> Computer Science Dept.
> 
> -------------------------------------------------
> Mail sent from: http://www.studenti.math.unipd.it
> 
> Dipartimento di Matematica Pura ed Applicata
> Universita' degli Studi di Padova
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
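
The connection-level fields asked about in the quoted question (duration, service port, urgent-packet count, and a status label such as S0 or REJ) can be derived from raw packets roughly as follows. This is an added example, not code from either poster: the function names, the constructed sample packets and the simplified labelling rules are assumptions, and the "wrong fragment" count is not computed.

```python
import struct

FIN, SYN, RST, ACK, URG = 0x01, 0x02, 0x04, 0x10, 0x20
# Label after a RST, keyed by (label so far, RST sent by originator?)
RESET = {("S0", True): "RSTOS0", ("S0", False): "REJ", ("S1", True): "RSTO", ("S1", False): "RSTR"}

def parse_ipv4_tcp(pkt):  # -> (src, dst, sport, dport, tcp_flags), or None
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                      # not IPv4, or not TCP
    ihl = (pkt[0] & 0x0F) * 4
    frag_off = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if ihl < 20 or frag_off or len(pkt) < ihl + 14:
        return None                      # later fragment or truncated: no TCP header
    return (pkt[12:16], pkt[16:20], *struct.unpack_from("!HH", pkt, ihl), pkt[ihl + 13])

def connection_features(packets):
    """packets: iterable of (timestamp, raw IPv4 bytes); returns one dict per connection."""
    conns = {}
    for ts, raw in packets:
        parsed = parse_ipv4_tcp(raw)
        if parsed is None:
            continue
        src, dst, sport, dport, fl = parsed
        key, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if key not in conns and rev not in conns:
            if (fl & (SYN | ACK)) != SYN:
                continue                 # no opening SYN seen: ignore mid-stream traffic
            conns[key] = {"dst_port": dport, "start": ts, "end": ts, "urgent": 0, "flag": "S0"}
        from_orig = key in conns
        c = conns[key] if from_orig else conns[rev]
        c["end"], state = ts, c["flag"]
        c["urgent"] += 1 if fl & URG else 0
        if fl & RST and (state, from_orig) in RESET:
            c["flag"] = RESET[state, from_orig]
        elif state == "S0" and not from_orig and (fl & (SYN | ACK)) == (SYN | ACK):
            c["flag"] = "S1"             # handshake answered
        elif state == "S1" and fl & FIN:
            c["flag"] = "SF"             # simplification: first FIN counts as a normal close
    return [{"dst_port": c["dst_port"], "duration": round(c["end"] - c["start"], 6),
             "urgent": c["urgent"], "flag": c["flag"]} for c in conns.values()]

def make_pkt(src, sport, dst, dport, flags):  # constructed sample: bare IPv4 + TCP headers
    return (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
            + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0))

A, B = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])    # constructed hosts
SAMPLE = [(0.0, make_pkt(A, 40000, B, 80, SYN)), (0.1, make_pkt(B, 80, A, 40000, SYN | ACK)),
          (0.3, make_pkt(A, 40000, B, 80, ACK | URG)), (1.5, make_pkt(A, 40000, B, 80, FIN | ACK)),
          (2.0, make_pkt(A, 40001, B, 23, SYN)), (2.25, make_pkt(B, 23, A, 40001, RST | ACK)),
          (3.0, make_pkt(A, 40002, B, 25, SYN))]
```

`connection_features(SAMPLE)` yields one completed connection (SF, one urgent packet), one rejected attempt (REJ) and one unanswered SYN (S0); packets read from a tcpdump file would need their link-layer header stripped before being passed in.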
