Thursday, August 20, 2009

Misconfiguration Issue of NSA Span Port

One of the purposes of releasing this dataset is to help us improve on our capture techniques so that the next dataset is that much more useful to anyone who uses it. Thanks to the input we have already received on the 2009 CDX dataset, we have identified an issue in the way the NSA switch was configured. Specifically, we believe the span port on which our capture node was placed was configured for unidirectional listening. This resulted in our capture node only "hearing" received traffic from the red cell. We don't believe this is the case with the capture files from the USMA network (we controlled that configuration). We will ensure this mistake is not made in upcoming captures and the 2010 CDX capture.
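A way to check a capture file for the unidirectional-span symptom described above, as an added example that is not code from the blog's authors or the dataset: it counts TCP conversations in which only one endpoint is ever seen sending. It assumes a classic (non-pcapng) Ethernet pcap without VLAN tags; the function names, addresses and ports are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_endpoints(pcap):
    """Yield (src, sport, dst, dport) per IPv4/TCP frame of a classic Ethernet pcap (no VLAN tags)."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        l4 = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after the IP header (IHL words)
        if len(frame) < l4 + 4:
            continue  # snapped before the port fields
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        yield ".".join(map(str, frame[26:30])), sport, ".".join(map(str, frame[30:34])), dport

def one_way_conversations(pcap):
    """Return (one_way, total): TCP conversations in which only one endpoint was ever seen sending."""
    senders = defaultdict(set)
    for src, sport, dst, dport in tcp_endpoints(pcap):
        senders[frozenset([(src, sport), (dst, dport)])].add((src, sport))
    return sum(len(s) == 1 for s in senders.values()), len(senders)

# --- constructed sample input (addresses and ports are made up) ---
def _frame(src, sport, dst, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

RED, BLUE = (10, 0, 0, 5), (10, 0, 0, 9)
# Healthy span: both directions of each conversation are present.
BIDIRECTIONAL = sample_pcap([_frame(RED, 40000, BLUE, 80), _frame(BLUE, 80, RED, 40000),
                             _frame(RED, 40001, BLUE, 22), _frame(BLUE, 22, RED, 40001)])
# Unidirectional span: only frames sent by one side reach the sensor.
UNIDIRECTIONAL = sample_pcap([_frame(RED, 40000, BLUE, 80), _frame(RED, 40000, BLUE, 80),
                              _frame(RED, 40001, BLUE, 22)])

if __name__ == "__main__":
    for name, cap in (("bidirectional", BIDIRECTIONAL), ("unidirectional", UNIDIRECTIONAL)):
        print(name, "one-way/total conversations:", one_way_conversations(cap))
```

Some one-way conversations are normal (connection attempts that are never answered), so the signal is a capture in which nearly every conversation is one-way, not the presence of a few.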

Friday, August 14, 2009

Link to 2009 Inter-Service Academy Datasets

Here is a link to the datasets and West Point logs from the 2009 Inter-Service Academy Cyber Defense Exercise.

http://www.itoc.usma.edu/research/dataset/

Purpose of this Blog

The purpose of this blog is to provide an avenue for users of the 2009 Inter-Service Academy Dataset to provide feedback. We also welcome suggestions on improving the dataset, as we have already started planning the data capture for the 2010 Inter-Service Academy Dataset, which we hope to be even larger (through the deployment of additional capture sensors) and more valuable.

Between now and April 2010 (when the 2010 CDX takes place), we hope to engineer a few data captures of high-profile network warfare games, as well as data captures of red-on-blue events here at the United States Military Academy at West Point.

So, send us your feedback, comments, suggestions, etc. Our goal is to provide the research community with quality, relevant datasets.