I attended the much-awaited Netfilter Workshop in Amsterdam. It was a great experience. I met so many amazing people, some of whom also guided me about my future plans. I realized that I would have missed out on an important meeting if I had not attended this workshop. You should also attend any workshops you are invited to.
This post covers the user day and the developer days of the 12th annual Netfilter Workshop.
The user day was titled “Suricata meets Netfilter”. It comprised various talks about Netfilter and Suricata, and about how Suricata and Netfilter work together as an efficient IPS. The day started with Andreas Herz speaking about Suricata Intrusion Prevention with NFQUEUE. He gave the audience an insight into Suricata and OISF. He then explained why one should use an IPS and how the IPS mode inside Suricata works: packets are handed from the kernel to Suricata over NFQUEUE, and Suricata returns an accept or drop verdict for each one. He continued with the requirements for running Suricata, a short demo, and the advanced usage possible. You can find his presentation here.
After him, I spoke about iptables-translate: benefits and need. Related posts can be found here: Part I and Part II. This is the link to my presentation. This is the unedited version; the edited version presented there included special thanks to Julia Lawall, without whose help nothing would have been possible.
Next was Peter Manev, who did black magic on stage (kidding 😛). He presented SELKS – Black (file) magic. In short, SELKS is:
S – Suricata IDPS
E – Elasticsearch
L – Logstash
K – Kibana
S – Scirius
Full presentation by Peter can be found here.
Eric Leblond (the guy whose website content I have been borrowing for my blog posts, with full credit given to him) then presented the way to Amsterdamize your firewall. He covered the key points of Suricata, Docker and Amsterdam (when SELKS meets Docker), and then explained how ulogd2 is used as an Amsterdam component.
Eric's presentation can be found here.
Jesper D. Brouer presented his Next steps for Linux Network stack approaching 100Gbit/s. He talked about MM-bulk, the RX path, TX powers, the qdisc and its redesign, and XDP.
Jesper's presentation is here.
Next was David S. Miller, who explained tunneling. He then continued with UDP tunnels and their problems, checksumming, and GSO and GRO/LRO for tunnels.
Complete presentation by David can be found here.
Pablo Neira Ayuso then gave an nftables tutorial. He explained the nftables internals: tables, chains, rules and expressions. He then covered the advantages of nftables, namely sets and maps, dictionaries (verdict maps), concatenations, flow tables, actions, comments, etc.
His full presentation can be found here. It is a really good thing to read if you are just beginning with nftables.
Giuseppe Longo presented Suricata IDS/IPS: The mixed mode. He started with Suricata's capture modes, i.e. IDS and IPS. He then talked about authorization signatures, actions, the communication between Suricata and NFQUEUE, and the NFLOG support in Suricata that lets it run in IDS mode on a copy of the traffic. He then introduced the mixed mode, a feature that combines the IPS and IDS capabilities. This feature is yet to be merged.
Giuseppe's presentation can be found here. Again, a great source if you are just starting to learn about Suricata.
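To make the two threads of the day concrete, here is a small nftables ruleset that uses the features from Pablo's tutorial (a named set, a concatenation set and a verdict map) to decide what traffic reaches Suricata, and the two kernel-side hand-offs from Andreas's and Giuseppe's talks: NFQUEUE for IPS mode and NFLOG for IDS mode. This is an added illustration written for this post, not code from any of the workshop slides or from the Suricata or nftables projects. The addresses (192.0.2.0/24 is documentation space), ports, queue numbers, NFLOG group and chain names are all made-up choices; it assumes a current nft (older releases spell the queue rule `queue num 0-3 fanout bypass`).

```nft
#!/usr/sbin/nft -f
# Added example, not from the workshop slides. All addresses, ports, queue
# numbers, the NFLOG group and the chain names are arbitrary assumptions.
flush ruleset

table inet filter {
    # Named set: the only hosts allowed to reach SSH.
    set admin_hosts {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    # Concatenation set: (source address . destination port) pairs,
    # matched in a single lookup instead of one rule per pair.
    set allowed_src_port {
        type ipv4_addr . inet_service
        elements = { 192.0.2.10 . 8443, 192.0.2.11 . 8443 }
    }

    # Verdict map ("dictionary"): one lookup on the destination port
    # selects the chain to continue in, replacing a linear rule list.
    map tcp_services {
        type inet_service : verdict
        elements = { 22 : goto ssh_policy,
                     80 : goto inspect,
                   8080 : goto inspect }
    }

    chain ssh_policy {
        ip saddr @admin_hosts goto inspect
        counter drop
    }

    # IPS: hand the packet to Suricata over NFQUEUE. "fanout" spreads flows
    # over queues 0-3 (one Suricata worker each, started with -q 0 ... -q 3).
    # "bypass" accepts the packet when nothing is bound to the queue, so the
    # box fails OPEN while Suricata is down; remove it to fail closed.
    chain inspect {
        queue flags bypass,fanout to 0-3
    }

    # IDS: copy the packet to NFLOG group 2 (Suricata's nflog capture method)
    # and let it through. Suricata can alert on it but cannot block it.
    chain monitor {
        log group 2
        accept
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state invalid counter drop
        # IDS-only service first, so every packet of those flows, new or
        # established, is copied to NFLOG rather than queued.
        tcp dport 443 goto monitor
        # Every packet of an accepted flow must still reach Suricata, so do
        # NOT "accept" established traffic before the queue rule.
        ct state established,related goto inspect
        ip saddr . tcp dport @allowed_src_port goto inspect
        tcp dport vmap @tcp_services
        # No match: fall through to the chain policy (drop).
    }
}
```

`nft -c -f ruleset.nft` parses the file without loading it; `nft -f ruleset.nft` loads it. Note that a packet Suricata accepts is reinjected and continues to the next hooks, not to the rules after the `queue` statement, which is why the filtering decisions are made before the `goto inspect` and why the `inspect` chain holds nothing else. The `bypass` flag is the setting to think about: it keeps the host reachable if the Suricata process dies, at the price of uninspected traffic during that window.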
Next came Luigi Rizzo with his work on A Fast and Practical Software Packet Scheduling Architecture. He calls it PSPAT: Packet Scheduling with PArallel Transmit. He talked about scheduling, its scope and limitations, constraints, algorithms, and the PSPAT design.
The content of his talk can be viewed here.
Victor Julien spoke about Suricata 3.1 and the Vuurmuur firewall. He talked about the performance improvements and TLS updates in 3.1 and the plans for 3.2. Vuurmuur was born out of frustration with managing iptables scripts; its goal is to let users easily set up and manage a secure and efficient firewall without needing iptables-specific knowledge. He then explained Vuurmuur's features and rules.
Victor's presentations can be found here: Suricata 3.1, Vuurmuur.
The user day was great, and the following days were developer days. The presentations for the developer days can be found here. Enjoy!
Please let me know if you find anything wrong in the content.
Thanks for reading.
Author's note: I'm writing about this so late because I magically turned into a panda when I came back to India; I'm back to normal now.