Installing Suricata on FreeBSD – Part 3

Now that Suricata will start, it's time to create an rc script to control the service. (Let's put it somewhere nice.) [code]vi /usr/local/etc/rc.d/suricata[/code] [code] #!/bin/sh # # By Dan OConnor # PROVIDE: suricata # . /etc/rc.subr name="suricata" rcvar=${name}_enable load_rc_config...
The coder behind the google.cn hack identified?

Wired has an article that says U.S. researchers have identified one of the coders behind the attacks on Google. It appears that he was tracked down using a posting on a hacking forum with code used in the attack; unfortunately it does not provide specifics on any of the details involved. It does...
Installing Suricata on FreeBSD – Part 2

With everything in place you can now start suricata. [code]suricata -c /usr/local/etc/suricata.yaml -i em0[/code] Got a good start. [code]70 rule files processed. 7977 rules succesfully loaded, 5 rules failed[/code] Here are the 5 that did not load; I only added the emerging threats...
Installing Suricata on FreeBSD – Part 1

Installation of Suricata on FreeBSD i386. Packages needed.
- PCRE
- libyaml
- libnet
70-642 Configuring Windows Server 2008 Network Infrastructure Passed!

I passed 70-642 with a solid 925/1000. I did not find the material specifically challenging, but I am glad I had my previous experience with the CISSP. I don't think I have any problems with how the material for 70-642 is presented in the self-study kit; I just wish it had more depth in the...
Recovering from a failed DMotion

A few weeks back I was asked to recover an ESX 3.5 host that had a VM that was in a strange state. The VM was supposed to have been DMotioned over to another datastore, but it had failed. The VM was still running but no operations were possible on it; I could not edit it or control the power...
CVE-2009-3555 – SSL/TLS renegotiation

Microsoft just released an advisory for this in the last couple of days; I have been following this since October last year. http://support.microsoft.com/kb/977377 The basic premise of the attack is a man-in-the-middle attack using SSL...
Verifying System Integrity

The team at isc.sans.org has a BETA version of a hash-checking application. http://isc.sans.org/tools/hashsearch.html I tried a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows-based system had...
MS10-015 Reboots Solved?

After a lot of discussion on the SANS diary ( sans.isc.sans.org ), it appears the MS10-015 rebooting machines have been traced back to a rootkit (Tdss); more information about it can be found at http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html . Emergingthreats.net has had...
Next generation IDS/IPS engine

Suricata http://www.openinfosecfoundation.org I have been following this since there was first talk of creating a new engine. They have released version 0.80. The engine is to load the current Snort rule sets and VRT rule sets out of the box! Once I complete my exam this week I will...