Collaborate Disseminate
This a bit of a broad question, I know.
Our security team at work gave us the task to implement an IPS (Intrusion Prevention System) for our infrastructure and no specs (surprise!).
We have several k8s clusters running in GKE. Google offer… Continue reading Implement IPS (Intrusion Prevention System) on Kubernetes
I found too many event on suricata after recent update regarding this rule:
alert ip any any -> any any (msg:"ET EXPLOIT Possible CVE-2020-11900 IP-in-IP tunnel Double-Free"; ip_proto:4; metadata: former_category EXPLOIT; refe… Continue reading Inaccurate Suricata ET rule (SID: 2030388, CVE-2020-11900)
I’m currently doing research on evasion attacks that seek to bypass a Deep-learning based Network Intrusion Detection System.
In order to achieve this, I need to know what the constraints are for the TCP window size field in the TCP packet… Continue reading What happens if a sender changes the TCP window size over multiple packets that have the same ACK number?
I’m working on a project to implement SDN in a network. One of my flows is redirecting to the Suricata IDS and the flow works in layer 2 with MAC address.
Since I’ve read that Snort only works in layer 3, I would like to know if it’s possi… Continue reading Suricata and rules based on MAC address
Does Snort have the "automatic protocol detection" function like Suricata? I read that Snort 3 has "Autodetect services for portless configuration" feature. Does it mean that this function is absent in Snort 2? Or they … Continue reading Snort automatic protocol detection
I’m trying to find difference between Zeek and Snort 3. Сan anybody tell me what are the advantages of Zeek against Snort 3?
I’m trying to write a snort rule which detects if certain binary files where requested via HTTP based on a regex rule matching there names.
But it should only send an alert if the file exists (e.g. HTTP 200 OK reply).
Is it possible to ha… Continue reading Snort analyze reply based on request
If I do something like
alert tcp any any <> any any (content:”TestA”; content:”TestB”; sid:1000000; msg:”Syntax correct!”;)
then the syntax is correct, but, what I would like to do is to match either “TestA” or “TestB”. So if I g… Continue reading ids – How do I match any string in a list of snort contents?
There are many solutions e.g. Akamai and Cloudflare, strategies, devices or suggested network architectures to mitigate DDOS attacks, but due to some basic concepts like limited-bandwidth or some common/known vulnerabilities, there is not … Continue reading How intelligent ddos mitigation systems (IDMS) mitigates Denial-of-service attack [closed]
If supposing I discover that my network is being attacked by some hacker or is being compromised in any way and I am able to detect it. So, is there any software-oriented way of ‘locking-down’ the network?
Basically, that means that there… Continue reading Is there a way to lock down a network?