Irregular Expressions


January 31, 2011  2:09 AM

More PS3 hack news



Posted by: Dan O'Connor
play station 3 hacks, playstation 3, playstation 3 hacks, ps3, ps3 hacks

http://www.bbc.co.uk/news/technology-12307891

Wow, I did not think this would happen: the State of California is going after someone in New Jersey. It looks like that will be challenged; also, Sony is going to get his machines handed over to them, which I find a little much. I am not choosing sides here, but having the State order someone to hand over property to a commercial entity, I can't think of another case like this involving copyright.

January 30, 2011  11:02 PM

Building a snort sensor – part 1



Posted by: Dan O'Connor
ids, snort

I have already covered Suricata in my previous posts, but sometimes you just need to have Snort set up for various reasons.

First go get FreeBSD ( http://www.freebsd.org/ ), then use the FreeBSD Handbook (if you need to) and create a basic installation. I like to do a user install, but minimal will also work (but you get no man pages, so if you need those go with a user install).

Next you will need Snort. You can use your OS's package manager; I am going to use the FreeBSD ports system.

cd /usr/ports/security/snort
make install clean

Now just sit back and wait it out.

January 30, 2011  10:56 PM

Teredo tunnels



Posted by: Dan O'Connor
ipv6

If you have run a Snort-style sensor you may have seen an alert referring to a “teredo tunnel” being detected.

So what is a “teredo tunnel”?

It is a method to connect IPv6-enabled devices over IPv4 networks; it can even cross multiple NAT points.

This is done by encapsulating the IPv6 packets inside IPv4 UDP datagrams, so a sensor that only looks at the outer IPv4 header sees ordinary UDP traffic.

I am not a fan of this: while it does have a purpose, it also increases the attack surface of the network. Also, if your IPS is not able to understand what is going on, it could be used to bypass policy and subvert your controls.

Wikipedia, as always, has a good write-up.

http://en.wikipedia.org/wiki/Teredo_tunneling


January 30, 2011  12:05 AM

Getting closer to IPv6 time



Posted by: Dan O'Connor
ipv4, ipv6

With all of the news of IPv4 running out of address space ( http://www.bbc.co.uk/news/technology-12306573 ), it might be time to start brushing up on your IPv6. Not that I would be worried about getting any more IPv4 addresses anytime soon; this is just the large pools of addresses handed out to ISPs and other large groups. You will still be able to call up your local ISP and get yourself a new static IP.

So it's not time to panic, but it's getting closer.

Besides the fact that we are running out of addresses and need to move to IPv6, there are some other features that will benefit us all. I will just run through a couple; you can see the full list here: http://en.wikipedia.org/wiki/IPv6#Comparison_to_IPv4 .

Mandatory support for network layer security

Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread deployment first in IPv4, into which it was back-engineered. IPsec is an integral part of the base protocol suite in IPv6.[1] IPsec support is mandatory in IPv6 but optional for IPv4.

Simplified processing by routers

In IPv6, the packet header and the process of packet forwarding have been simplified to make packet processing by routers more efficient,[1][11] and thereby extending the end-to-end principle of Internet design. Specifically:

  • The packet header in IPv6 is simpler than that used in IPv4, with many rarely used fields moved to separate options; as a result, although the addresses in IPv6 are four times as large, the option-less IPv6 header is only twice the size of the option-less IPv4 header.
  • IPv6 routers do not perform fragmentation. IPv6 hosts are required to either perform PMTU discovery, perform end-to-end fragmentation, or to send packets no larger than the IPv6 default minimum MTU size of 1280 octets.
  • The IPv6 header is not protected by a checksum; integrity protection is assumed to be assured by both link layer and higher layer (TCP, UDP, etc.) error detection.[note 1] Therefore, IPv6 routers do not need to recompute a checksum when header fields (such as the time to live (TTL) or hop count) change.[note 2]
  • The TTL field of IPv4 has been renamed to Hop Limit, reflecting the fact that routers are no longer expected to compute the time a packet has spent in a queue.
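As an added illustration of both the Teredo post above and the header points just quoted (example code written for this page, not from the original blog, Wikipedia or Snort): the heuristic below parses an IPv4/UDP datagram, checks whether its payload starts with an IPv6 header (fixed 40 bytes, twice the option-less 20-byte IPv4 header, and with no header checksum to verify), and flags it as Teredo when the RFC 4380 server port 3544 or the 2001::/32 Teredo address prefix is present. The sample packet is constructed inline from documentation addresses; nothing is captured from a real network.

```python
import struct
import ipaddress

# Teredo constants (RFC 4380): the server UDP port and the Teredo address prefix.
TEREDO_PORT = 3544
TEREDO_PREFIX = ipaddress.ip_network("2001::/32")
IPV6_HEADER_LEN = 40   # fixed size; twice the 20-byte option-less IPv4 header


def parse_ipv4(pkt):
    """Return (protocol, header_len, payload); IHL gives the variable IPv4 header size."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes (20 when option-less)
    return pkt[9], ihl, pkt[ihl:]


def parse_udp(seg):
    """Return (sport, dport, payload) from a UDP segment."""
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    return sport, dport, seg[8:length]


def looks_like_teredo(pkt):
    """True if an IPv4/UDP datagram carries an IPv6 packet that uses the Teredo
    server port or Teredo-prefixed addresses.  There is no IPv6 header checksum
    to verify, so only the version nibble and the fixed 40-byte length are checked."""
    proto, _ihl, payload = parse_ipv4(pkt)
    if proto != 17:                     # not UDP, so not Teredo
        return False
    sport, dport, inner = parse_udp(payload)
    if len(inner) < IPV6_HEADER_LEN or inner[0] >> 4 != 6:
        return False
    src6 = ipaddress.IPv6Address(inner[8:24])
    dst6 = ipaddress.IPv6Address(inner[24:40])
    return (TEREDO_PORT in (sport, dport)
            or src6 in TEREDO_PREFIX or dst6 in TEREDO_PREFIX)


def build_sample(src6, dst6, sport, dport):
    """Constructed IPv4/UDP/IPv6 test packet (outer addresses are documentation ranges)."""
    inner = struct.pack("!IHBB", 0x60000000, 0, 59, 64)   # version 6, no payload, next header 59
    inner += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    udp = struct.pack("!HHHH", sport, dport, 8 + len(inner), 0) + inner
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + udp


if __name__ == "__main__":
    print(looks_like_teredo(build_sample("2001:0:4136:e378::1", "2001:db8::1", 40000, 3544)))
```

A real sensor would also want to inspect the inner IPv6 packet with the same rules it applies to native IPv6, which is the policy-bypass concern raised in the Teredo post.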


January 27, 2011  11:26 PM

More arrested in connection with Anonymous



Posted by: Dan O'Connor
anonymous, wikileaks

This is on top of the two Dutch men arrested several weeks ago.

They are being charged under the UK “Computer Misuse Act”. The act was originally put in place in 1990, and it looks like they are using amendment 36: http://www.legislation.gov.uk/ukpga/2006/48/section/36.

I wonder how Anonymous was promising that no one would be prosecuted for these actions; most countries have laws in place to prosecute individuals that do these things. I know that the UK, US and Japan all have laws, just to name a few.

I would not want any of these charges.

“(6) A person guilty of an offence under this section shall be liable—

(a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(b) on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;

(c) on conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both.”

http://www.bbc.co.uk/news/technology-12299137


January 27, 2011  3:13 PM

Lessons learned on Conficker



Posted by: Dan O'Connor
links

http://www.h-online.com/security/news/item/Conficker-Lessons-Learned-report-published-1177350.html

Well worth reading.


January 27, 2011  3:10 PM

Bio-Storage



Posted by: Dan O'Connor
biostorage

http://news.discovery.com/tech/bacteria-work-as-hard-drives-110110.html

Very cool: researchers have been able to piggyback data onto DNA for storage, and not just bits of text. This could be video, images, music, etc.

The article says that there is a 3-tiered protection system, and one of the researchers goes as far as to say that it is unhackable. That I find hard to believe; given enough time anything is possible, but it sounded like it would be offline storage, and maybe that's what he was talking about?

It's reported that it can store two TB in one gram of bacteria; I wonder how long it takes to write and read that?


January 25, 2011  11:40 PM

The state of the web in Winter 2010



Posted by: Dan O'Connor
links

The Oatmeal is great.

http://theoatmeal.com/comics/state_web_winter

While it is funny, some of you may find it offensive, but it does have neat stats in it.


January 25, 2011  11:33 PM

New type of memory



Posted by: Dan O'Connor
hardware

It combines the speed of DRAM with the ability to retain the information for long periods of time, up to a couple of years as quoted.

http://www.bbc.co.uk/news/technology-12265550

I still remember marveling at the speed of the memory on my 486 machine compared to the Tandy 1000 I used to own. Every year I find a story like this, and it's kind of fun to think back to the way things were 5, 10 years ago and even longer, and how far ahead of that we are now.

I wonder if the long-term storage has the same limitation as flash, where it has a limited number of writes before becoming a paperweight?


January 25, 2011  3:09 PM

More Stuxnet news



Posted by: Dan O'Connor
cyber, industrial warfare, Stuxnet

Found this on the nytimes site:

http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=1&_r=1

A little more information and, I guess you would call it, evidence to pin down who the creators of the Stuxnet worm are. The information given makes sense, and really the list of countries with the capability to make something like this and the will to do something about it is very short.

I hope this is not the start of industrial warfare; I don't think there is a single country in the world that is ready to mount a proper defense in that situation. Also, the damage that could be done to the infrastructure could be considerable, and if it's timed right with the weather it could cause casualties.