IDS – Page 15 – WindowsTechs.com

How IDS and Firewall Logs are aggregated and feed aggregated log to SIEM?

Posted on September 23, 2018 by Sun-IT

I am studying SIEM tools.

Firewall logs will be different from IDS logs and even from Antivirus logs.

How can log aggregation take place?

Continue reading How IDS and Firewall Logs are aggregated and feed aggregated log to SIEM?→

How useful is it to prevent Linux applications from setting up any untrusted connections, and can it be done easily?

Posted on September 16, 2018 by reed

Threat: your Linux machine gets compromised in some way (untrusted app, or compromised install package or update, or an app is compromised because of a vulnerability, etc.) and something on your system tries to “call home”. S… Continue reading How useful is it to prevent Linux applications from setting up any untrusted connections, and can it be done easily?→

Loopback with Suricata

Posted on September 7, 2018 by Neveralways

Is there any way of analyzing loopback traffic with Suricata?

I am trying it this way without success:

root@security-onion:/home/sar/TFM/alerts/suricata# suricata -c /etc/suricata/suricata.yaml -i lo -l . -k none
7/9/2018 -… Continue reading Loopback with Suricata→

Want to know how to configure wireless intrusion prevention syatem [on hold]

Posted on August 16, 2018 by Foto

I want to make a wireless IPS for my school project.Please suggest me which WIPS software is free to use and how to configure it in detail.
Thanks.

Continue reading Want to know how to configure wireless intrusion prevention syatem [on hold]→

Regarding small office and residential packet taps and inspectors seconion and graylog

Posted on August 15, 2018 by Mjlandy

I was looking for a pre-spec’d bare metal server that could host Seconion and Graylog.

I’ve done some of my own searching around and I’d rather not run a VM. As opposed to me putting together a best-effort config only to f… Continue reading Regarding small office and residential packet taps and inspectors seconion and graylog→

How can Insertion attack ever work and fool an IDS on a TCP connection?

Posted on July 31, 2018 by AlenT

An IDS can accept a packet that an end-system rejects. An IDS that does this makes the mistake of believing that the end-system has accepted and processed the packet when it actually hasn’t. An attacker can exploit this co… Continue reading How can Insertion attack ever work and fool an IDS on a TCP connection?→

Snort IDS, Man In The Middle Attack

Posted on July 24, 2018 by dedy

I’m detecting arp poisoning attacks from the login page of a website using snort ids. I have not found a suitable rule for the attack. anyone can help me ?

Continue reading Snort IDS, Man In The Middle Attack→

snort rules are enabled by pulledpork but in the same time are skipped?

Posted on July 19, 2018 by Frank

I am using pulledpork for management of rules. I had enabled rules from 1:1000 to 1:5735 those rules are enabled but in the same time are skipped.

As output I had:

https://github.com/shirkdog/pulledpork
_____ ____… Continue reading snort rules are enabled by pulledpork but in the same time are skipped?→

How can I get Suricata to alert on 1 packet every time

Posted on July 11, 2018 by MikeSchem

I am trying to write a Suricata signature for testing purposes to alert every time it is triggered with a single PCAP file containing a single packet, but this is proving to be harder than I thought.

For instance, I have the following rul… Continue reading How can I get Suricata to alert on 1 packet every time→

Comparison between WAF and IPS/IDS

Posted on July 11, 2018 by Fanar AL HAYALI

I would like to know the difference between WAF and IPS/IDS?
Can IPS/IDS handle an attack on a web application?
If there are differences functionally between the two applications, how they work together when there is an att… Continue reading Comparison between WAF and IPS/IDS→