Irregular Expressions:

February, 2010


February 23, 2010  12:44 AM

Installing Suricata on FreeBSD – Part 3

Dan O'Connor

Now that Suricata will start, it's time to create an rc script to control the service. (Let's put it somewhere nice.) [code]vi /usr/local/etc/rc.d/suricata[/code]
[code]
#!/bin/sh
#
# By Dan OConnor
# PROVIDE: suricata
#
. /etc/rc.subr
name="suricata"
rcvar=${name}_enable
load_rc_config...

February 22, 2010  11:20 PM

The coder behind the google.cn hack identified?

Dan O'Connor

Wired has an article that says U.S. researchers have identified one of the coders behind the attacks on Google. It appears that he was tracked down using a posting on a hacking forum with code used in the attack; unfortunately, it does not provide specifics on any of the details involved. It does...


February 21, 2010  11:55 PM

Installing Suricata on FreeBSD – Part 2

Dan O'Connor

With everything in place you can now start Suricata. [code]suricata -c /usr/local/etc/suricata.yaml -i em0[/code] Got a good start. [code]70 rule files processed. 7977 rules succesfully loaded, 5 rules failed[/code] Here are the 5 that did not load; I only added the emerging threats...


February 20, 2010  10:33 PM

Installing Suricata on FreeBSD – Part 1

Dan O'Connor

Installation of Suricata on FreeBSD i386. Packages needed.

  • PCRE
  • libyaml
  • libnet
Step by step.
[code]
cd /usr/ports/devel/pcre/
make install clean
cd /usr/ports/textproc/libyaml/
make install clean
cd /usr/ports/net/libnet/
make...


February 20, 2010  12:12 AM

70-642 Configuring Windows Server 2008 Network Infrastructure Passed!

Dan O'Connor

I passed 70-642 with a solid 925/1000. I did not find the material specifically challenging, but I am glad I had my previous experience with the CISSP. I don't think I have any problems with how the material for 70-642 is presented in the self-study kit; I just wish it had more depth in the...


February 19, 2010  11:37 PM

Recovering from a failed DMotion

Dan O'Connor

A few weeks back I was asked to recover an ESX 3.5 host that had a VM that was in a strange state. The VM was supposed to have been DMotioned over to another datastore but it had failed. The VM was still running but no operations were possible on it; I could not edit it or control the power...


February 17, 2010  9:08 AM

CVE-2009-3555 – SSL/TLS renegotiation

Dan O'Connor

Microsoft just released an advisory on this in the last couple of days; I have been following this since October last year. http://support.microsoft.com/kb/977377 The basic premise of the attack is a man in the middle attack using SSL...


February 15, 2010  10:28 PM

Verifying System Integrity

Dan O'Connor

The team at isc.sans.org has a beta version of a hash-checking application. http://isc.sans.org/tools/hashsearch.html I tried a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows based system had...


February 12, 2010  10:56 PM

MS10-015 Reboots Solved?

Dan O'Connor

After a lot of discussion on the SANS diary ( sans.isc.sans.org ) it appears the MS10-015 rebooting machines have been traced back to a rootkit (Tdss). More information about it can be found at http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html . Emergingthreats.net has had...


February 9, 2010  8:24 AM

Next generation IDS/IPS engine

Dan O'Connor

Suricata http://www.openinfosecfoundation.org I have been following this since there was first talk of creating a new engine.  They have released version 0.80. The engine is to load the current Snort rule sets and VRT rule sets out of the box! Once I complete my exam this week I will...

