Installing Suricata on FreeBSD – Part 3
Profile: Dan O'Connor
Now that Suricata will start it's time to create a rc script to control the service. ( Lets put it somewhere nice ) [code]vi /usr/local/etc/rc.d/suricata[/code] [code] #!/bin/sh # # By Dan OConnor # PROVIDE: suricata # . /etc/rc.subr name="suricata" rcvar=${name}_enable load_rc_config...
0 Comments
RSS Feed
Email a friend
The coder behind the google.cn hack identified?
Profile: Dan O'Connor
Wired has an article that says U.S. researchers have identified one of the coders behind the attacks on Google. It appear that he was tracked down using a posting on a hacking forum with code used in the attack, unfortunately it does not provide specifics on any of the details involved. It does...
0 Comments
RSS Feed
Email a friend
Installing Suricata on FreeBSD – Part 2
Profile: Dan O'Connor
With everything in place you can now start suricata. [code]suricata -c /usr/local/etc/suricata.yaml -i em0[/code] Got a good start. [code]70 rule files processed. 7977 rules succesfully loaded, 5 rules failed[/code] Here is the 5 that did not load, I only added the emerging threats...
0 Comments
RSS Feed
Email a friend
Installing Suricata on FreeBSD – Part 1
Profile: Dan O'Connor
Installation of Suricata on FreeBSD i386. Packages needed.
- PCRE
- libyaml
- libnet
0 Comments
RSS Feed
Email a friend
70-642 Configuring Windows Server 2008 Network Infrastructure Passed!
Profile: Dan O'Connor
I passed 70-642 with a solid 925/1000, I did not find the material specifically challenging but I am glad I had my previous experience with the CISSP. I don't think I have any problems in how the material for 70-642 is presented in the self study kit, I just wish it had more depth in the...
0 Comments
RSS Feed
Email a friend
Recovering from a failed DMotion
Profile: Dan O'Connor
A few weeks back I was asked to recover a ESX 3.5 host that had VM that was in a strange state. The VM was supposed to have been DMotion over to another datastore but it had failed. The VM was still running but no operations were possible on it, I could not edit it or control the power...
0 Comments
RSS Feed
Email a friend
CVE-2009-3555 – SSL/TLS renegotiation
Profile: Dan O'Connor
Microsoft just released an advisory to this in the last couple days, I have been following this since October last year. http://support.microsoft.com/kb/977377 The basic premise of the attack is a man in the middle attack using SSL...
0 Comments
RSS Feed
Email a friend
Verifying System Integrity
Profile: Dan O'Connor
The team at isc.sans.org has an BETA version of hash checking application. http://isc.sans.org/tools/hashsearch.html I tired a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows based system had...
0 Comments
RSS Feed
Email a friend
MS10-015 Reboots Solved?
Profile: Dan O'Connor
After a lot of discussion on the sans diary ( sans.isc.sans.org ) it appears the MS10-015 rebooting machines have been traced back to a root kit (Tdss), more information about it can be found at http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html . Emergingthreats.net has had...
0 Comments
RSS Feed
Email a friend
Next generation IDS/IPS engine
Profile: Dan O'Connor
Suricata http://www.openinfosecfoundation.org I have been following this since there was first talk of creating a new engine. They have released version 0.80. The engine is to load the current Snort rule sets and VRT rule sets out of the box! Once I complete my exam this week I will...
0 Comments
RSS Feed
Email a friend
