Irregular Expressions:

February, 2010

February 23, 2010  12:44 AM

Installing Suricata on FreeBSD – Part 3

Posted by: Dan O'Connor
suricata freebsd, suricata install, suricata install freebsd

Now that Suricata will start it's time to create a rc script to control the service. ( Lets put it somewhere nice ) [code]vi /usr/local/etc/rc.d/suricata[/code] [code] #!/bin/sh # # By Dan OConnor # PROVIDE: suricata # . /etc/rc.subr name="suricata" rcvar=${name}_enable load_rc_config...

February 22, 2010  11:20 PM

The coder behind the hack identified?

Posted by: Dan O'Connor
china googe, google hack

Wired has an article that says U.S. researchers have identified one of the coders behind the attacks on Google. It appear that he was tracked down using a posting on a hacking forum with code used in the attack, unfortunately it does not provide specifics on any of the details involved. It does...

February 21, 2010  11:55 PM

Installing Suricata on FreeBSD – Part 2

Posted by: Dan O'Connor
suricata freebsd, suricata install, suricata install freebsd

With everything in place you can now start suricata. [code]suricata -c /usr/local/etc/suricata.yaml -i em0[/code] Got a good start. [code]70 rule files processed. 7977 rules succesfully loaded, 5 rules failed[/code] Here is the 5 that did not load, I only added the emerging threats...

February 20, 2010  10:33 PM

Installing Suricata on FreeBSD – Part 1

Posted by: Dan O'Connor
suricata freebsd, suricata install, suricata install freebsd

Installation of Suricata on FreeBSD i386. Packages needed.

  • PCRE
  • libyaml
  • libnet
Step by step. [code]cd /usr/ports/devel/pcre/ make install clean cd /usr/ports/textproc/libyaml/ make install clean cd /usr/ports/net/libnet/ make...

February 20, 2010  12:12 AM

70-642 Configuring Windows Server 2008 Network Infrastructure Passed!

Posted by: Dan O'Connor

I passed 70-642 with a solid 925/1000, I did not find the material specifically challenging but I am glad I had my previous experience with the CISSP.  I don't think I have any problems in how the material for 70-642 is presented in the self study kit, I just wish it had more depth in the...

February 19, 2010  11:37 PM

Recovering from a failed DMotion

Posted by: Dan O'Connor
dmotion, failed dmotion, vmware, vmware-cmd

A few weeks back I was asked to recover a ESX 3.5 host that had VM that was in a strange state.  The VM was supposed to have been DMotion over to another datastore but it had failed.  The VM was still running but no operations were possible on it, I could not edit it or control the power...

February 17, 2010  9:08 AM

CVE-2009-3555 – SSL/TLS renegotiation

Posted by: Dan O'Connor
977377, CVE-2009-3555, ssl, tls

Microsoft just released an advisory to this in the last couple days, I have been following this since October last year. The basic premise of the attack is a man in the middle attack using SSL...

February 15, 2010  10:28 PM

Verifying System Integrity

Posted by: Dan O'Connor
barnyard freebsd, freebsd, hash, integrity, knoppix, md5, sha1

The team at has an BETA version of hash checking application. I tired a few files from a FreeBSD machine I have, but it was not able to locate a match.  I am sure there would have been more success if files from a Windows based system had...

February 12, 2010  10:56 PM

MS10-015 Reboots Solved?

Posted by: Dan O'Connor
ms10-015, root kit, rootkit, tdss

After a lot of discussion on the sans diary ( )  it appears the MS10-015 rebooting machines have been traced back to a root kit (Tdss), more information about it can be found at . has had...

February 9, 2010  8:24 AM

Next generation IDS/IPS engine

Posted by: Dan O'Connor
ids, ips, oisf, snort, suricata, vrt

Suricata I have been following this since there was first talk of creating a new engine.  They have released version 0.80. The engine is to load the current Snort rule sets and VRT rule sets out of the box! Once I complete my exam this week I will...

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: