IDS – Page 11 – WindowsTechs.com

Attack steps in NMAP during service and version detection [on hold]

Posted on May 12, 2019 by Mario

I have two machines:

Kali Linux [192.168.1.1/24]
Ubuntu with snort IDS installed)[192.168.1.2/24]

I’m testing nmap tool against Ubuntu machine (with Snort IDS), and have ran the command nmap -sV 192.168.1.1.

Snort IDS t… Continue reading Attack steps in NMAP during service and version detection [on hold]→

What does "DECed" mean in Network Security?

Posted on May 11, 2019 by Ferdinand.kraft

As in this MIB documentation: http://www.circitor.fr/Mibs/Html/F/FORTINET-FORTIGATE-MIB.php#fgIpsAnomalyDetections

fgIpsAnomalyDetections 1.3.6.1.4.1.12356.101.9.2.1.1.9
Number of intrusions DECed as anomalies since start-u… Continue reading What does "DECed" mean in Network Security?→

Is using a ja3 hash worth it?

Posted on May 10, 2019 by blabla_trace

I’ve been reading about ja3 and ja3s hashes, and although it certainly is a way to address suspicious traffic detection in encrypted traffic it still is, at least in my opinion, a static approach. It does not much differ from the “traditio… Continue reading Is using a ja3 hash worth it?→

How would you characterize a cyber surface?

Posted on May 9, 2019 by user207558

Thinking through a network boundary characterization, say firewall/IDS flux. How some activity may change profile of that surface.

Continue reading How would you characterize a cyber surface?→

Public Availability of a good Dataset in PCAP (TCPDUMP) format for IDS/IPS testing

Posted on May 7, 2019 by aneela

I am trying to pass good reputable malicious traffic from an IPS. There are several sources on internet to explore datasets like the oldest I think DARPA set (not available in pcap format and not that efficient for modern day… Continue reading Public Availability of a good Dataset in PCAP (TCPDUMP) format for IDS/IPS testing→

Snort logs in csv

Posted on April 30, 2019 by Tasneem Singh

I’m trying to get the output of snort log file in csv format. For this in snort.conf, I added output alert_csv: alert.csv default but there is no alert.csv file created. How do I access this file?

Continue reading Snort logs in csv→

Confusion Matrix for Generated Signatures in Snort

Posted on April 30, 2019 by Tasneem Singh

How do we come with True Positives and False Negatives rates when creating signatures in IDS? How do we measure the signatures efficiency? I’ve seen so many papers that discuss the same, but how do they come up with these num… Continue reading Confusion Matrix for Generated Signatures in Snort→

What is an Albert sensor?

Posted on April 27, 2019 by D.W.

Recent news articles have started to talk about government networks deploying “Albert sensors” (e.g., this article). What is an Albert sensor? And how effective is it?

Going purely from context, it sounds like maybe an Alb… Continue reading What is an Albert sensor?→

Help with testing snort

Posted on April 22, 2019 by Alison

I have been learning how snort works for a school project I am working on. I am hoping to launch specific types of network attacks against snort like port scanning, DoS, Sql injection, etc.

I am sadly very inexperienced wit… Continue reading Help with testing snort→

What is recommended size for Suricata Ruleset (i.e., Signatures)?

Posted on April 17, 2019 by Faisal Hussain

What is the recommended size for Suricata ruleset(i.e., Signatures)?
Kindly answer with some references, reason.

Continue reading What is recommended size for Suricata Ruleset (i.e., Signatures)?→