cipherdyne.org

Michael Rash, Security Researcher




Resume

All projects distributed on this site were developed as open source software in Perl and C by Michael Rash, and my resume is available here. In addition, many of my articles, papers, and conference talks can be downloaded below.

Publications

  1. "Advanced SPA with fwknop", Hakin9 Magazine, September 2008

  2. "IDS Signature Matching with iptables, psad, and fwsnort", USENIX ;login: Magazine (Security Issue), December 2007

  3. "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort", No Starch Press, September 2007

  4. "Protecting SSH Servers with Single Packet Authorization", The Linux Journal, May 2007

  5. "Single Packet Authorization", The Linux Journal, April 2007

  6. "Wireshark & Ethereal Network Protocol Analyzer Toolkit" (contributed the active response case study on pages 398-402), Syngress Publishing, December 2006

  7. "Single Packet Authorization with fwknop", USENIX ;login: Magazine, February 2006

  8. "Intrusion Prevention and Active Response: Deploying Network and Host IPS", Syngress Publishing, February 2005

  9. "Combining Port Knocking and Passive OS Fingerprinting with fwknop", USENIX ;login: Magazine, December 2004

  10. "Snort 2.1 Intrusion Detection, Second Edition", Syngress Publishing, June 2004

  11. "Content Filtering and Inspection with fwsnort and psad", Sys Admin Magazine, April 2004

  12. "Firewalls: Doing it Yourself", Information Security Magazine, October 2003

  13. "Running Linux and Netfilter on Nokia IP Series Hardware", The Linux Journal, April 2003

  14. "Security Benchmark for Linux" (Contributing Editor), The Center for Internet Security, May 2002

  15. "Securing Linux Step-By-Step" (Contributing Editor), SANS, March 2002

  16. "Verifying Filesystem Integrity with CVS", The Linux Journal, February 2002

  17. "Detecting Suspect Traffic", The Linux Journal, November 2001


Conference Talks

  1. "Single Packet Authorization", DojoCon, November 2009 (recorded video here).

  2. "Port Knocking and Single Packet Authorization: Practical Deployments", The Last HOPE, July 2008

  3. "Advanced Linux Firewalls", SOURCE Boston, March 2008

  4. "Iptables Attack Visualization", OSCON, July 2007

  5. "Zero-day Attack Prevention via Single Packet Authorization", Techno Security, June 2007

  6. "Attack Detection and Response with Linux Firewalls", ShmooCon, March 2007

  7. "Service Cloaking and Anonymous Access; Combining Tor with Single Packet Authorization (SPA)", DefCon 14, August 2006

  8. "Maximum Netfilter", OSCON, July 2006

  9. "Advances in Single Packet Authorization", ShmooCon, January 2006

  10. "Netfilter and Encrypted, Non-replayable, Spoofable, Single Packet Remote Authorization", ToorCon 7, September 2005

  11. "Securing the Enterprise with Netfilter", Linux World Summit, May 2005

  12. "Advanced Netfilter; Content Replacement (ala Snort_inline) and Combining Port Knocking with p0f", DefCon 12, July 2004


Online Book Chapters

  1. Chapter 10 "Deploying fwsnort" from "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort", No Starch Press, September 2007

  2. Chapter 5 "Network Inline Data Modification" from "Intrusion Prevention and Active Response: Deploying Network and Host IPS", Syngress Publishing, February 2005


Interviews and Web Articles

  1. "The Art of Information Security Blog Interviews Michael Rash", artofinfosec.com, February 2009

  2. Interview with Michael Rash, Security Architect and Author of "Linux Firewalls", net-security.org, November 2007

  3. Linux Firewalls Hold Up Under Application Layer Attacks, CRN, November 2007




