Welcome to my Web page devoted to one of my favorite recreational activities, programming computers. Occasionally I get the urge to program, so I do. I also end up programming a lot at work.
I have written some programs for my research and for classes, but I will focus here on the ones I've written just for the heck of it.
(nothing here yet, but I am on the team that produces the Symantec Network Security IDS.)
Silicon Defense programs
These are a few of the more notable programs I wrote while working at (now defunct) Silicon Defense.
This is a GPL'd open-source program which takes a set of Snort alerts from files or databases and presents them as a set of interlinked HTML pages optimized for an analyst finding alerts of interest. There is also functionality to reference documentation, to store annotations and incidents, and to produce e-mail reports. While I didn't write the first version or two of this and don't get "credit" for the name, in the over 3 years I've been its primary developer it has expanded significantly and can now be referred to as a project instead of just a script. This is probably my most famous program at present.
Spade is the other major GPL'd program I was involved with at Silicon Defense. Spade (the Statistical Packet Anomaly Detection Engine) is a Snort IDS plug-in which identifies unusual packets for a network. It is focused mainly on finding portscan probes. It was built into Snort during its 1.7 and 1.8 versions. Simon Bliles now maintains this, and a Snort 2.4.0 compatible version is available.
When used in conjunction with Spade, Spice (the Stealthy Probing and Intrusion Correlation Engine) identifies the stealthy (and unstealthy) portscans on your networks. It finds scans that are more stealthy than any other IDS that I know of. It can find scans that are slowed down and appear to come from multiple sources. Spice is presently only available as part of the Sentarus CounterSleuth appliance.
A network-oriented worm simulator
One program I wrote for internal use pretends to be a set of hosts and behaves as if a worm is propagating and spreading among the set of vulnerable hosts. This would typically be used with instances of the program running on multiple hosts (each representing a set of hosts) to make the network look very much like a real worm was trying to spread. The hosts represented need not be defined anywhere on the network, and a host doesn't become infected unless successfully probed.
There are many other programs I wrote there. Many involved network packets, automated experiment running and suites of related programs.
Security lab programs
(need to fill in details here)
Getcomments was my original most famous program and was the first one with its own Web page. It takes the output of an HTML form (e.g. one used for comments), processes it, and takes a specified set of actions relating to what was contained. This program is publicly available.
Maketext takes a set of HTML pages and produces an identical set of pages except that they are free of in-line images. The images are replaced with the ALT text, if available, and links to local pages are changed to the text-only versions. This program can be useful if you want to automatically maintain two sets of pages, one with graphics and one without (for those on slow-links).
This short but useful program makes a copy of an accessed link before it is passed on to an "external viewer". I use it to store a local copy of audio or movie files I click on when browsing the Web, prior to running the appropriate viewer, which you can't save from. (That description is longer than the actual program.)
(See also my visualization research.)
Mkfunctmap, which is now publicly available, takes as input C source files and outputs a graph of the function calls within those files, with the functions in the same file grouped together. The output is in the format used by the DOT program from AT&T Bell Labs (see the manual). Here is a PostScript example of the output. Besides its use as a documentation tool, it can be used as a software engineering tool to see the connectivity of functions, to see what functions are called frequently, and to provide feedback on the appropriate placement of functions in a file (module). For more information, including distribution, see the Mkfunctmap home page.
Trash is an alternative for the "rm" command on Unix systems. It moves the file to a "trash can" instead of actually deleting it. It recognizes the "-r" option, deals with symbolic links intelligently and is fairly robust. If anyone expresses an interest, I'll probably release this code.
Dcheck checks what processes are running and, if certain ones aren't running, it starts them (if it can) and sends out mail. This is intended to be run periodically as a "cron" or "at" job. It is useful for automatically restarting crashed processes. I used to use it to restart the http daemon for the Web server I maintained, and other background processes I have, in case of failure.
As a kid, I wrote lots of programs in BASIC 2.0 on my Commodore 64. These include:
Adaptations of board games
Parchisi, Mastermind (more game options than the original), Battleship (using "AI"!), Clue, Whodunit? and a couple others I can't remember.
A mimic of the draw poker machines I saw as a kid (shh!) when I went to a casino in Carson City, Nevada. Now available as a hand-held device. No, I did not invent those, but don't I deserve some royalties or something? :-)
For use by my family. They actually stored data to disk!
None of which I can remember offhand.
These lists are by no means exhaustive.
Copyright © by James Hoagland
www.hoagland.org | firstname.lastname@example.org
3 September 2005