Collaborate Disseminate
I am setting up a OSSEC in local mode (on CentOS 7) to act as an IPS for a specific behavior. I am trying to use firewall-drop but it is not working (I noticed that the script can’t see srcip). let me show you some outputs:
I am setting up a OSSEC in local mode (on CentOS 7) to act as an IPS for a specific behavior. I am trying to use firewall-drop but it is not working (I noticed that the script can’t see srcip). let me show you some outputs:
… Continue reading OSSEC – firewall-drop not working for rule 5701
Moses returns to the show to discuss his background in technology and security (which is eerily similar to Paul’s!). The crew then got into a deep discussion of the history of many different technologies (Solaris Firewalls, IDS, Java and more!). Moses talked at length about serialization bugs in both PHP and Java. Then we dove […]
The post Moses Hernandez, Cisco Systems – Paul’s Security Weekly #520 appeared first on Security Weekly.
Continue reading Moses Hernandez, Cisco Systems – Paul’s Security Weekly #520
I am trying to get alerts of the wget events i do like download txt or jpeg. I wrote this rules as well,
alert http any any -> any any (msg:”FILEEXT TXT file claimed”; fileext:”txt”; sid:1; rev:1;)
But it did not work, Can anyone tell me how can i configure suricata to detect and alert wget events.
Continue reading How to configure suricata to alert wget events?
I am testing 3 IDS : Snort, Bro and Suricata with PF_RING packet capture framework.
In minimal setup, no rules and scripts are applied, fresh install in new machine, Suricata always show no packet are dropped or very small ra… Continue reading Why Snort and Bro drop so many packet while Suricata doesn’t?
I am trying to setup a basic snort configuration to test first that snort is well working. After running snort, it seems that it was able to detect my one and only rule made for ICMP traffic, however I am getting this message… Continue reading Snort is not tracking ICMP traffic
I’m trying to use a device with 1GB of RAM and a Single 800 MHz core CPU.
I will use Snort to analyze traffic on my LAN network. Snort, unfortunately, cannot analyze all the traffic (sometimes it triggers an alert after a tri… Continue reading Can I run Snort on a slow computer?
I use Snort IDS on a dataset to generate alerts and export them to CSV output. Now, I want to display one more new field – Dangerous level of alerts.
Can Snort display the dangerous level of alerts? In README.csv file, I can… Continue reading Display dangerous level of Snort alert
I am experiencing trouble crating rules that would check user HTTP behaviour (page address, POST/GET params..).
alert tcp any any -> any any (msg:”Alfa in uri”; flow:to_server,established; uricontent:”/alfa.html”; nocase;… Continue reading Snort rules uricontent
I am experiencing trouble crating rules that would check user HTTP behaviour (page address, POST/GET params..).
alert tcp any any -> any any (msg:”Alfa in uri”; flow:to_server,established; uricontent:”/alfa.html”; nocase;… Continue reading Snort rules uricontent