docs.emergingthreats.net
SnortSam < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/SnortSam
SnortSam is a plugin for Snort, an open-source light-weight Intrusion Detection System (IDS). The plugin allows for automated blocking of IP addresses on the following firewalls: Cisco Routers (using ACLs or Null-Routes). Former Netscreen, now Juniper firewalls. IP Filter (ipf), available for various Unix-like OSes such as FreeBSD. FreeBSD's ipfw2 (in 5.x). Packet Filter (pf). 8signs firewalls for Windows. MS ISA Server firewall/proxy for Windows. Ali Basel's Tracker SNMP through the SNMP-Interface-down plugin. Block tr...
wiki.aanval.com
Aanval:Event Suppression - Aanval Wiki
http://wiki.aanval.com/wiki/Aanval:Event_Suppression
Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management. Visit http://www.aanval.com/. Nuisance events are those that simply fill disk space, cloud Aanval's Live Monitor, and don't add to one's situational awareness. To identify nuisance events and create a dovetailed signature recipe: Visit Charts and Graphs (from the icons on the top-left of the screen). Visit http://snort.org/search and enter the signature ID in the search field. The sign...
docs.emergingthreats.net
RuleChanges < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/RuleChanges
Last 50 Rule Changes. Results from Main web. Retrieved at 22:57 (GMT). alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Alfa/Alpha Ransomware Checkin"; flow:established,to_server; urilen:33; content:"|20|HTTP/1.1|0d 0a|Host"; ... http_uri; fast_pattern:only; ... Id"; depth ... Id"; depth ... alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENT...
blog.ls20.com
Securing Your Server using IPSet and Dynamic Blocklists
http://blog.ls20.com/securing-your-server-using-ipset-and-dynamic-blocklists
Securing Your Server using IPSet and Dynamic Blocklists. As a dedicated server or Virtual Private Server (VPS) owner, one important task is to defend against online attacks. IPTables allows a sysadmin to filter traffic by configuring the tables in the Linux kernel firewall. In this tutorial, I will discuss how to use IP sets with dynamic blocklists to better secure your server. IP sets are a framework inside the Linux kernel, managed by the IPSet utility. It can be used on most servers except OpenVZ VPS. The an...
eatingsecurity.blogspot.com
Eating Security: Building an IR Team: Documentation
http://eatingsecurity.blogspot.com/2009/07/building-ir-team-documentation.html
Small servings of digital security, incident response, NSM, and system administration. 15 July, 2009. Building an IR Team: Documentation. My third post on building an Incident Response (IR) team covers documentation. The first post was Building an IR Team: People, followed by Building an IR Team: Organization. And concentrate on keeping this post to a more digestible size. There are quite a few different areas where a Computer Incident Response Team (CIRT) will need good documentation. Since I am writing...
docs.emergingthreats.net
GeneralFAQ < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/GeneralFAQ
General questions, tricks, tips, and other things that are asked frequently and important to remember! What is the difference between offset, distance, depth and within? Add your tips here. What is the difference between offset, distance, depth and within? All content matches and modifiers start from the first byte of the payload. None of them will look in the header; that's all parsed and can be matched using other directives. Depth is how far to LOOK into the payload from the start of the payload.
docs.emergingthreats.net
NewUserGuide < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/NewUserGuide
New ET Users Guide. 1. First, you need an IDS (such as Suricata or Snort) installed and running. Doing that is a bit beyond the scope of this guide. If you're having issues, google "suricata/snort howto"; you'll find many articles that will suit your needs. 2. Check out the sample emerging.conf. You then need to choose a platform. These are listed under each ruleset type. Choose the Snort version or Suricata version at or under your running version. Be careful going forward. If you are using... 3. Choose your...
docs.emergingthreats.net
SuricataSnortSigs101 < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/SuricataSnortSigs101
Suricata and Snort Signatures 101. The following is a set of tips to help you write good rules, avoid common mistakes, and understand the process of bringing a threat from discovery to signature. Please feel free to edit and add to this page! Suricata and Snort Signatures 101. General Things to Remember. Write to the Vuln, NOT the Exploit. What is the difference between offset, distance, depth and within? Proxy vs. Direct. General Things to Remember. Write to the Vuln, NOT the Exploit. When troubleshooti...
docs.emergingthreats.net
UserDocs < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/UserDocs
Here's what you might be looking for. Topic revision: r1 - 2009-09-25.
docs.emergingthreats.net
MalwareDocs < Main < EmergingThreats
http://docs.emergingthreats.net/bin/view/Main/MalwareDocs
Topic revision: r1 - 2008-07-11.