All Technical Sessions will be held in the New Orleans Marriott Hotel and include:

• Keynote (Wednesday morning)
• Refereed Paper Track (Wednesday - Friday)
• Invited Talks Track (Wednesday - Friday)
• Network Administration Track (Wednesday - Thursday 12:30pm)
• Security Administration Track (Thursday 2pm - Friday)
• Guru Is In Track (Wednesday - Friday)
• LISA Quiz Show (Friday afternoon)

Keynote Address: The World-Wide Syndicate
J.D. "Illiad" Frazer, Co-founder and creator of UserFriendly

J.D. will discuss how the Internet and on-line communities have enabled creators to offer their work directly to audience members without the traditional middleman.

Deep Thoughts
Session Chair: Rémy Evard, Argonne National Laboratory

Theoretical System Administration
Mark Burgess, Oslo College

An Expectant Chat About Script Maturity
Alva L. Couch, Tufts University

An Improved Approach for Generating Configuration Files from a Database
Jon Finke, Rensselaer Polytechnic Institute

How Not to Get Fleeced with Employee Stock Options
Jon Rochlis, The Rochlis Group, Inc.

Having stock options can be very rewarding, but if you don't know the rules of the game you can easily stumble across surprises that lower the value of your options or give you large tax bills. Even many "financial advisors" can be confused and make costly mistakes. This talk will cover the basics of employee stock options--types of stock, stock options (qualified and non-qualified), stock purchase plans, the IPO process, taxation, risks, strategies, valuation, and advanced tax planning.

Deploying Quality of Service Features on Your Network
Eliot Lear, Cisco Systems

A lot of trade press has been given to the phrases Quality of Service, Voice over IP, and the like. This talk will discuss what it means to give precedence to certain applications on your network, what sort of applications need preferential treatment, what some of the pitfalls are, and how to know when you've fallen into one of those pits. It will also look at the future of QoS.

You, a Rock, and a Hard Place
Session Chair: Christine Hogan, Imperial College

FOKSTRAUT and Samba--Dealing with Authentication and Performance Issues on a Large-scale Samba Service
Robert Beck and Steve Holstead, University of Alberta

Designing a Data Center Instrumentation System
Robert Drzyzgula, Federal Reserve Board

Improving Availability in VERITAS Environments
Karl Larson, Tellme Networks, and Todd Stansell, Certainty Solutions

SAGE Update
Barb Dijker, SAGE President

Detailed status updates and information about the development of SAGE projects will be presented: progress on certification, last year's salary survey results and what's new this year, marketing SAGE to gain recognition and credibility, student sysadmin internships, mentoring, and internationalization.

Analyze This!
Session Chair: William LeFebvre, CNN Internet Technologies

Wide Area Network Packet Capture and Analysis
Jon T. Meek, American Home Products Corp

Sequencing of Configuration Operations for IP Networks
P. Krishnan, ISPsoft, Inc.; T. Naik, Bell Labs; G. Ramu, CoSine Comm., Inc.; and R. Sequeira, ISPsoft, Inc.

ND: A Comprehensive Network Administration and Analysis Tool
Ellen L. Mitchell, Eric Nelson, and David Hess, Texas A&M University

Users and Passwords and Scripts, Oh My!
Session Chair: Trey Harris, Mail.com

User-Centric Account Management with Heterogeneous Password Changing
Douglas Hughes, Auburn University

Pelendur: Steward of the Sysadmin
Matt Curtin, Interhack Corp.; Sandy Farrar, and Tami King, The Ohio State University

Network Information Management and Distribution in a Heterogeneous and Decentralized Enterprise Environment
Alexander D. Kent and James R. Clifford, Los Alamos National Laboratory

The Digital House
Lorette Cheswick, cheswick.com

The Cheswicks have been computerizing their house since 1981. They have bent computer-age services to their very idiosyncratic needs: they are alerted to the arrival of snail-mail, they know who's at their front door, and their family photo album has become a Web site. A Linux text-to-speech application announces phone callers, the weather, and iridium flares. Cron wakes up their kids and performs other tasks. The whole family is involved planning new applications. But wait, there's more!

Go with the Netflow
Session Chair: David Williamson, Certainty Solutions

Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network Forensics
Bill Nickless, John-Paul Navarro, and Linda Winkler, Argonne National Laboratory

The OSU Flow-tools Package and CISCO NetFlow Logs
Mark Fullmer, OARnet, and Steve Romig, The Ohio State University

FlowScan: A Network Traffic Flow Reporting and Visualization Tool
Dave Plonka, University of Wisconsin. Madison

Dr. Felten Goes to Washington: A Personal View of the Microsoft Case
Edward Felten, Princeton University

Edward Felten recently served as an expert witness in the Microsoft antitrust case and as a consultant to the Department of Justice. He will talk about his experiences in working on this high-profile case, and what he learned about the law, economics, computer science, and connections among them.

To Be Announced

The Toolshed
Session Chair: Phil Scarr, Certainty Solutions

xps--Dynamic Process Tree Watching
Under X
Rocky Bernstein, Breakaway Solutions

Extending UNIX System Logging with SHARP
Matthew Bing and Carl Erickson, Grand Valley State University

Peep (The Network Auralizer): Monitoring Your Network with Sound
Michael Gilfix and Alva Couch, Tufts University

Experiences with Incident Response at The Ohio State University
Steve Romig, The Ohio State University

Steve will talk about his experiences with incident response at OSU. He'll talk briefly about the formation and current structure of the OSU incident response team, the services they provide, and how they approach incident response. The majority of the talk will cover real-life successes and failures (and amusing anecdotes) from a large and long-running investigation of two local cracking groups.

Broadband Changes Everything
Brent Chapman, Great Circle Associates, Inc.

End users today are connecting to the Internet at speeds that, a couple of years ago, were available at only the best-connected sites and were shared by hundreds or even thousands of users. And the "always on" nature of broadband is likely to have even more fundamental and far-reaching consequences. This talk will give you an introduction to end-user broadband services and an idea of how they'll change your life both as a user and as a network manager.

1984
Session Chair: Jeff Allen

Thresh--A Data-Directed SNMP Threshold Poller
John Sellens, Certainty Solutions

eEMU: A Practical Tool and Language for System Monitoring and Event Management
Jarra Voleynik, eEMUconcept Pty Ltd

Aberrant Behavior Detection in Time Series for Network Service Monitoring
Jake D. Brutlag, Microsoft WebTV

Integrating LDAP in a Heterogeneous Environment
Leif Hedstrom, Netscape

This talk discusses the intricacies and obstacles, as well as the joy, in integrating LDAP into a heterogeneous environment at Netscape. The audience will learn from our experiences, as well as find out what is available today. Not just a beginner's guide to LDAP, the presentation emphasizes a primarily UNIX environment but of course covers Windows NT and 2000 integration.

Cops are from Mars, Gurus are from Pluto: Dealing with "the Feds" and Other Cops
Tom Perrine, Pacific Institute of Computer Security

Every system administrator will have to deal with law enforcement at some time, usually in connection with a security incident. This talk is about how to interact with them effectively. It covers cultural differences and language barriers, differing goals, ways to build bridges, and how to spot a "fake Fed." Jurisdictional issues, preserving evidence, and guidelines for testifying in court are also covered.

The Sorcerer's Apprentice
Session Chair: Josh Simon, Collective Technologies

PIKT, "Problem Informant/Killer Tool"
Robert Osterlund, University of Chicago

Relieving the Burden of System Administration Through Support Automation
Allan Miller and Alex Donnini, HandsFree Networks

FTP Mirror Tracker: First Steps Towards URN
Alexei Novikov, ITEP, and Martin Hamilton, Loughborough Univ, UK,

Mapping Corporate Intranets and Internets
Bill Cheswick, Lumeta Corporation

Bill will talk about what the researchers at Bell Labs and Lumeta have learned about mapping corporate intranets. As intranets grow they become more difficult to track. By mapping corporate networks they have been able to find security problems, gain a better understanding of what's out there, and provide pretty pictures of the network which management finds useful.

Does It Take the Same Skill Set to Secure a System as to Break into It?
Panelists: Peter Shipley, Lab OneSecure Inc.; Mark Hardy, Guardent, Inc.; and Elias Levy, securityfocus.com

With myriad companies bidding for the contract to secure your Internet services, two questions arise: (1) "What does it take to do the job?" (2) "If this company hires 'reformed hackers,' is that good or bad?" Are these people competent? Should you contract with a company that employs reformed hackers or convicted felons? Conversely, why should you trust a company that doesn't have people who know security from both sides? This panel includes representatives from the cracking community, corporate and professional services, and law enforcement.

Fully Automatic
Session Chair: John Orthoefer, Genuity Inc.

Deployme: Tellme's Package Management and Deployment System
Kyle Oppenheim and Patrick McCormick, Tellme Networks

Automating Request-based Software Distribution
Christopher Hemmerich, Indiana University

Use of Cfengine for Automated, Multi-Platform Software and Patch Distribution
David Ressman and John Valdes, University of Chicago

The Design and Implementation of Highly Scalable Email Systems
Brad Knowles, Belgacom Skynet SA/NV

Email systems can scale larger than had been thought possible! This talk will detail fundamental flaws in the current mailbox-per-user paradigm of standard off-the-shelf Local Delivery Agent software. It will describe how they can be scaled up to handle many more users, how virtually all synchronous metadata and file locking can be eliminated, how storage requirements can be reduced to grow at a rate less than O(n), and how various services can be broken out and handled by multiple separate servers.

Real-World Intrusion Detection--First Steps
Mark K. Mellis, SystemExperts Corporation

For decades intrusion detection has been desired but rarely implemented at most organizations. Finally, emerging technologies and proven techniques are making intrusion detection not only possible but downright practical. This talk is addressed to all technical staff and managers who want to understand how to practice integrated intrusion detection at their site. Examples of actual scripts and a discussion of when to use them will be included.

Building Blocks
Session Chair: Ruth Milner, NRAO

Unleashing the Power of JumpStart--A New Technique for Disaster Recovery, Cloning, or Snapshotting a Solaris System
Lee Amatangelo, Collective Technologies

A Linux Appliance Construction Set
Michael W. Shaffer, Agilent Labs RCS

Automating Dual Boot (Linux & NT) Installations
Rajeev Agrawala, Shaun Erickson, and Robert Fulmer, Lucent/Bell Labs Research

SANs--From A to Reality
W. Curtis Preston, Collective Technologies

Storage Area Networks (SANs) are showing up everywhere. Many IT managers have been overheard making statements such as, "We're going to completely get rid of X, Y, and Z, and replace it with a SAN," or "We've got to have a SAN road map." This talk gives you the information you need to be able to respond appropriately to such statements, and it includes examples of real-life applications of SAN technology so that you can decide whether or not a SAN is in your future.

Someone's Knocking at the Door...
Session Chair: Cat Okita, Global Crossing Ltd.

Tracing Anonymous Packets to Their Approximate Source
Hal Burch, Carnegie Mellon Univ, and Bill Cheswick, Lumeta Corporation

Analyzing Distributed Denial of Service Tools: The Shaft Case
Sven Dietrich, NASA Goddard Space Flight Center; Neil Long, Oxford University; and David Dittrich, University of Washington

Work-in-Progress Reports
Session Chair: Peg Schafer, Harvard University

Short, pithy, and fun, Work-in-Progress reports introduce interesting new or on-going work, and the LISA audience provides valuable discussion and feedback.

A schedule of presentations will be posted at the conference.

To present a WiP, please see the submission instructions.

Why the Documentation Sucks and What You Can Do About It
Steven Levine, SGI

System administrators often complain about documentation. It can be difficult to find just the right information in the circumstances you most need it. Why is this so? This talk will discuss some inherent difficulties of writing administration documentation, presented from the point of view of a technical writer. It will also present proposals for how system administrators and technical writers can work together to improve the general state of administration documentation.

. . . Don't Let Them In
Session Chair: Simon Cooper, SGI

YASSP! A Tool for Improving Solaris Security
Jean Chouanard, Xerox PARC

SubDomain: Parsimonious Server Security
Crispin Cowan, Steve Beattie, Greg Kroah-Hartman, Calton Pu, Perry Wagle, and Virgil Gligor, WireX Communications, Inc.

NOOSE--Networked Object-Oriented Security Examiner
Bruce Barnett, General Electric Corporate Research & Development

Back by popular demand, Rob Kolstad hosts this challenging test of wits for LISA attendees. Watch contestants wither under the dual spotlights of difficult questions and special attention of the moderator. Entry forms for contestants available Thursday around noon.