This is a listing of the presentations I have given both in the open source realm (on topics of security, routing, the DNS system and traffic control) as well as those (on behalf of a former employer) in the commercial and global networking community realm. The acronyms used below are as follows:

NANOG: North American Network Operator Group
AMSIX: Amsterdam Internet Exchange
LINX: London Internet Exchange
APRICOT: Asia Pacific Regional Internet Conference on Operational Technologies
MadLUG: Madison Linux User Group
DFZ: Default Free Zone, should be TFZ
TFZ: Transit Free Zone, a member of the core Internet clique

Also, it may not be obvious where the data for some of these presentations originated. Renesys collected BGP views of the Internet from hundreds of peers (more than 400 locations in 2014), so it was possible to infer business relationships, connectivity (or lack thereof) and interprovider relationships from the resulting data.

1   Public / community presentations

1.1   Linux Server Hardening, reprise (2006-10-24)

The Madison Information Technology Association invited me to give a simplified talk on hardening a Linux server after attending my earlier MadLUG presentation. On 2006-10-24, I introduced the basics of security and then moved on to the tools available to a systems administrator wishing to harden a system. The materials I provided were introductory in nature, but included a sheet of commands and output as well as an outline of the talk as well as

I was the sole author and presenter.

1.2   Linux Server Hardening (2006-07-11)

The MadLUG solicited a talk on server hardening. I provided a detailed introduction to the steps one could take to harden a server at the time. The main content was simply an outline and two example configuration file snippets, one for Apache modules and another for sshd_config, which I used to explain and illustrate during the talk.

I was the sole author and presenter.

1.3   Introduction to Phishing (2006-07-11)

DANEnet, a Dane County (Wisconsin) non-profit, solicited me for a presentation on the mechanics of phishing. I delivered an overview talk on phishing along with a diagram of the participants and systems involved. During the talk, I made a careful walkthrough of the defenses and countermeasures that are available to the end user, systems administrator and security personnel.

I was the sole author and presenter.

1.4   Traffic Control with Linux (2003-09-16)

On 2003-09-16, I presented on implementing network traffic control with Linux. I provided an overview of traffic control concepts and how they mapped to the kernel structures and disciplines available under Linux. I also distributed a diagram of a specific Traffic Control Scenario using the Hierarchical Token Bucket queuing discipline, which was quite popular at the time.

I was the sole author and presenter.

2   Public / corporate presentations

2.1   DNS Tampering and the Root Servers (2010-11-24)

At the Amsterdam Internet Exchange (AMSIX) General Meeting, on 2010-11-24, I presented DNS Tampering and the Root Servers, in which Renesys analyzed the leakage of Chinese Internet censorship political policy outside the national boundaries. This occurred because of an interaction between BGP Anycast, the Beijing instances of the F-, I- and J-root nameservers and the policy enforcement of the Great Firewall (GFW).

In addition to giving the talk, I contributed a good deal of data extraction and analysis support.

2.2   The Recession and the Routing Table (2009-11-17)

At the LINX meeting on 2009-11-16, I presented on the visible effects in the routing table of the post-2008 economic recession. The short version is that, with careful reading of the transit tea leaves, the economic recession did not relax the pressure on the IPv4 space market because the transit market remained cheap! The Recession and the Routing Table covers a few exploratory ideas such as a transit diversity metric and a routing stability metric.

While I presented the content, my colleague Jim Cowie was the author and analyst of the content.

2.3   Internet Captivity and Depeering (2009-01-27)

After years of observing regular depeering events, Renesys examined the concept of Internet Captivity. I and my fellow authors tried to quantify the risk to edge (or leaf) autonomous systems. The NANOG talk Internet Captivity and the De-peering Menace briefly reviewed the scope of visible connectivity loss of some prominent depeerings. After defining captivity and examining a few events, we identified the likely number of captives within the downstream cone of each TFZ member. (And, yes, DFZ in this talk should have been TFZ.)

I authored and presented the material, but relied heavily on my colleagues Alin Popescu and Clint Hepner for analysis, language assistance and, of course, data extraction.

2.4   Peering Wars, Lessons Learned from the Cogent-Telia Depeering (2008-06-02)

When Cogent (AS 174) de-peered Telia (AS 1299), both of whom were members of the transit free zone, the result was an IPv4 Internet partition. This means that some autonomous systems (networks) could simply not reach certain other autonomous systems. There were a number of high-profile de-peering events before I gave the talk Peering Wars, but this was one of the larger and more notable IPv4 partitions.

While I presented the material, most of the data and content for this talk was wrangled by my colleagues, Alin Popescu and Earl Zmijewski.

2.5   Aftershocks from the Taiwan Earthquakes (2008-02-19)

South of Taiwan, there is a fragile geophysical area called the Luzon Strait, and many submarine cables providing service to eastern Asia (at the time) passed through this strait. After an earthquake and submarine landslides, 7 of the 9 cables passing through this fragile area were damaged, massively disrupting Internet connectivity throughout eastern Asia. The talk Aftershocks from the Taiwan Earthquakes detailed the short-term results (routing outage and instabilities) and the longer-term results (transit preferences changed).

In addition to giving the talk, I provided some technical assistance in data extraction and analysis, although most of the data and analysis came from the other contributors.

2.6   Lightning talk on my analysis of YouTube Hijack (2008-02-27)

A colleague of mine, Earl Zmijewski, presented a lightning talk at the APRICOT conference shortly after the famous Pakistan Telecom hijack of YouTube. The talk Pakistan Telecom Hijacks YouTube followed after my Renesys blog post and a nice mention in the New York Times article Pakistan Cuts Access to YouTube Worldwide.

I authored the blog post and the presentation.

3   Corporate training sessions

3.1   Network Security Engineer Bootstrap

After the (Ambiron)TrustWave acquisition of SecurePipe, Inc., I contracted part-time over a period of months to write and teach a (proprietary) bootstrap set of training materials for future Network Security Engineers.

This material was a deep introduction to the RPM-based software distribution that the TrustWave (SecurePipe) platform used for delivering all managed security services. Here's a non-exhaustive fragment of the content outline:

  • platform overview (lifecycle, IDS, VPN, mail, monitoring)
  • centralized non-platform services (modems and other remote access, config management, customer portal, mail-handling services, log-handling services)
  • support systems (customer and ticketing info, knowledge database, policy documents)
  • custom appliance booting, flashing, serial and modem access, field reinstall
  • Ethernet and ARP (esp. proxy ARP, since firewall + DMZ)
  • IP, addressing, routing
  • DNS, diagnostic tools, proxy, split-horizon, forwarding and caching
  • ICMP, different types, minimum set and how to read with tcpdump
  • netfilter, rules and NAT
  • packet filter abstraction tools
  • sockets, diagnostic tools, transparent and explicit proxies (e.g. squid)
  • SSL, diagnostic tools, x509 dumping
  • VPNs, IPSec, CIPE (an early VPN after which the superior OpenVPN was modeled)
  • MTU issues

I ran this hands-on training program several times for TrustWave. Each session required approximately 3 weeks of meetings, for about 10 hours a week. I usually split the sessions along the pedagogical guidelines of 15 minutes of instruction, followed by 15-30 minutes of individual effort, a short break and then on to the next topic. During the training interval, each network security engineer shadowed another employee.

At the end of this training, the individual network security engineers were ready to handle direct customer support of firewall and VPN issues and had an acceptable grounding in networking to begin to handle more complex topics, such as intrusion detection.

I was the sole author of this (proprietary) material.