I am using a combination of tools to monitor, temporarily ban, and block problem IPs that attempt to brute force SSH on my Ubuntu server, while still allowing SSH so I can manage my server.
First, I installed ufw to easily create firewall rules. The commands below allow me to show all available options...
Firewalls, Linux, Network Security, Python Scripts
LogRhythm… am I talking about another way to remotely forward my syslog logs? Basically, yes. Their demo states
“end user behavior can be difficult to baseline and monitor”
and they claim to pretty much do just that...
Linux, Network Security, Python Scripts, Tutorials/Whitepapers
If your site or service has any interaction with customer data, especially credit cards, then you will want to ensure that you are using the latest up-to-date SSL ciphers. Below are some quick notes that I took while recently updating some ciphers I'm responsible for...
Linux, Network Security, Tutorials/Whitepapers, Uncategorized
A couple of Perl scripts to help add Hosts and Host Escalations into Nagios config files.
DIRECTIONS: Edit the .list file for the script to read.
FOR: addHost.pl, edit host.list to include the (5) tab-separated parameter options:
use host_name alias address host_groups
FOR: addEscalation.pl, edit Escalation.list to include the (2) tab-separated parameter options.
Here is the addHost.pl script
Linux, Network Security, Perl Scripts, Tutorials/Whitepapers
I came across this issue today… thankfully my network environment security uses both eTrust and Tripwire, so this should not be a big problem here, but I think it should be watched for. Basically, this is a way to hide spyware or incriminating (hacker) tools by casting or forking the file into another file. The original size will show the same and even the actual running process is hidden from process explorers; the only thing that changes is the modification date. Also, this only runs on NTFS, and moving the file to another file system will corrupt the hidden file.
Network Security, Tutorials/Whitepapers, Virus Alerts, Windows
I was tasked with verifying host connectivity after some server patches were pushed out. Since I already had a text file with all the affected hostnames, instead of manually pinging each one I decided to put together a little script that would read from the text file and print out whether each host was up or down.
I have simplified my original multiple host ping sweep script. All you need for this script to work is a hosts.txt file with a list of host names or IP addresses and of course the script below.
Linux, Network Security, Perl Scripts, Tutorials/Whitepapers, Windows
The featured site Networksecuritytech.com is back online… check it out… and hit it hard. There is a lot of good content on there… same theme as my blog, but censored….
Expect Scripts, Firewalls, Linux, Microsoft Office, Network Security, Tutorials/Whitepapers, Virus Alerts, Windows, Wireless
Here’s a nice site that I came across that provides study material. I was able to request some free downloads… so check it out and learn something….
Linux, Network Security, Tutorials/Whitepapers, Windows
This is for educational purposes only! I set up this lab in a controlled environment using a Windows file server, a Windows XP desktop, and my laptop running a Knoppix live CD. In this lab I use Ettercap only for ARP poisoning and spoofing, and I use Ethereal for the sniffing. First of all,
Linux, Network Security, Tutorials/Whitepapers, Wireless