Logging nfsen queries

In two previous posts I covered “What is netflow and when do you use it?” and “Use netflow with nfdump and nfsen“.

Nfsen provides a web interface on the netflow data made available via nfdump. Because netflow data reveals who talked to whom, when and how much, it is important to have strict access controls and extensive logging on nfsen access. You should have a complete access and query log of who did what at any given time.

Access… Read more.
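The following is an added example, not code from the original post: an audit of nfsen access built from the web server's access log. It assumes nfsen is served by Apache under the `/nfsen/` path with the "combined" log format and HTTP authentication (the `%u` field), both of which are assumptions for this illustration; the log lines below are constructed. The access log gives you who, when and which nfsen page; the query filter itself travels in the POST body, so it still has to be logged separately in nfsen or with a request-body logging module.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format; %u is the authenticated user, or "-" when there is none.
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

NFSEN_PREFIX = "/nfsen/"  # assumed mount point of the nfsen web interface

# Constructed sample log: two users, one refused anonymous hit, one anonymous hit
# that was served (a misconfiguration), and an unrelated request.
SAMPLE_LOG = """\
10.1.2.3 - alice [20/May/2015:10:15:02 +0200] "GET /nfsen/nfsen.php HTTP/1.1" 200 5312 "-" "Mozilla/5.0"
10.1.2.3 - alice [20/May/2015:10:15:40 +0200] "POST /nfsen/nfsen.php HTTP/1.1" 200 18840 "http://netflow.example/nfsen/nfsen.php" "Mozilla/5.0"
10.1.2.9 - - [20/May/2015:10:16:11 +0200] "GET /nfsen/nfsen.php HTTP/1.1" 401 381 "-" "curl/7.38.0"
10.1.2.9 - bob [20/May/2015:10:16:30 +0200] "GET /nfsen/nfsen.php?tab=2 HTTP/1.1" 200 6120 "-" "Mozilla/5.0"
10.1.2.3 - alice [20/May/2015:10:17:00 +0200] "GET /index.html HTTP/1.1" 200 120 "-" "Mozilla/5.0"
10.1.2.9 - - [20/May/2015:10:18:05 +0200] "GET /nfsen/nfsen.php?tab=0 HTTP/1.1" 200 5312 "-" "curl/7.38.0"
"""


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    return entry


def nfsen_access_events(log_text, prefix=NFSEN_PREFIX):
    """Keep only requests that touch the nfsen web interface."""
    events = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["path"].startswith(prefix):
            events.append(entry)
    return events


def audit_by_user(events):
    """Who did what, when: per user, the ordered list of nfsen requests."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(
            (e["time"].isoformat(), e["host"], e["method"], e["path"], e["status"]))
    return dict(by_user)


def unauthenticated_served(events):
    """nfsen requests answered 2xx without an authenticated user.

    A 401 for an anonymous client is the access control doing its job; a 2xx
    means the interface was reachable without identity, which the audit trail
    cannot attribute to anyone."""
    return [e for e in events if e["user"] == "-" and 200 <= e["status"] < 300]


if __name__ == "__main__":
    events = nfsen_access_events(SAMPLE_LOG)
    for user, hits in audit_by_user(events).items():
        print(user, len(hits), "request(s)")
        for hit in hits:
            print("   ", *hit)
    for e in unauthenticated_served(events):
        print("served without auth:", e["host"], e["time"].isoformat(), e["path"])
```

Run it against a real `access.log` by replacing `SAMPLE_LOG` with the file contents; anything reported by `unauthenticated_served` points at a hole in the web server's authentication configuration rather than at nfsen itself.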

Use netflow with nfdump and nfsen

In a previous post I described what netflow is and when to use it. This post describes how to use netflow with nfdump and nfsen.

Having netflow is great, but of course you also want a way to view your netflow data. I'm covering the nfdump and nfsen tools.

nfdump is the command line interface, whereas nfsen is the web interface. Both tools can be used together. In fact, nfsen is a web wrapper around… Read more.

What is netflow and when do you use it?

Netflow is a feature that was introduced on Cisco routers and that provides the ability to collect metadata about IP traffic (flow records, not packet contents) as it enters or exits an interface. Netflow data gives you an overview of traffic flows, based on the network source and destination. Because of this it lets you understand who is using the network, the destination of your traffic, when the network is utilized and the type of applications that consume the… Read more.
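To make concrete what a flow record actually contains, here is an added example (not code from the original post) that decodes a NetFlow v5 export datagram and answers the three questions above: who is using the network, where the traffic goes, and which applications consume it. The v5 wire format (24-byte header, 48-byte records, network byte order) is the public Cisco layout; the datagram it parses is constructed in the block with a small builder so that it runs offline, and the addresses and byte counts in it are made up.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 wire format: 24-byte header followed by `count` 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_v5(datagram):
    """Decode one NetFlow v5 datagram into (header dict, list of flow dicts)."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, unix_secs, _nsecs,
     flow_seq, engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) < expected:
        raise ValueError("truncated datagram: %d bytes, %d expected" % (len(datagram), expected))
    header = {"unix_secs": unix_secs, "flow_sequence": flow_seq,
              "engine": (engine_type, engine_id),
              "sampling_interval": sampling & 0x3FFF}  # low 14 bits; top 2 bits are the mode
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(
            datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "sport": sport, "dport": dport,
            "packets": pkts, "bytes": octets,
            "duration_ms": last - first,  # First/Last are router uptime in ms
            "tcp_flags": tcp_flags,
        })
    return header, flows


def bytes_by_source(flows):
    """Who is using the network: total bytes per source address."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return totals


def bytes_by_application(flows):
    """What consumes it: total bytes per (protocol, destination port)."""
    totals = Counter()
    for f in flows:
        totals[(f["proto"], f["dport"])] += f["bytes"]
    return totals


def build_v5(flows, unix_secs=1432116000, seq=0):
    """Build a v5 datagram from (src, dst, proto, sport, dport, pkts, bytes) tuples.
    Used only to construct sample exporter output; a real collector reads these from UDP."""
    header = V5_HEADER.pack(5, len(flows), 0, unix_secs, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
                       1, 2, pkts, octets, 1000, 1250, sport, dport,
                       0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, proto, sport, dport, pkts, octets in flows)
    return header + body


# Constructed sample: two hosts talking HTTPS to the same server, one DNS lookup.
SAMPLE_DATAGRAM = build_v5([
    ("10.0.0.5", "93.184.216.34", 6, 51000, 443, 12, 9000),
    ("10.0.0.5", "8.8.8.8", 17, 53011, 53, 1, 80),
    ("10.0.0.7", "93.184.216.34", 6, 51012, 443, 40, 52000),
])

if __name__ == "__main__":
    header, flows = parse_v5(SAMPLE_DATAGRAM)
    print(header)
    for f in flows:
        print(f)
    print("top sources:", bytes_by_source(flows).most_common(3))
    print("top applications:", bytes_by_application(flows).most_common(3))
```

The same decoder works on datagrams read from a UDP socket bound to the collector port; nfdump's `nfcapd` does exactly this kind of decoding (for v5, v9 and IPFIX) before writing its binary files.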

Sync a github.com forked repository

I have a couple of forked git repositories. When I want to add custom code it's useful to start from the latest available code of the "original" (upstream) repository. Before I can do that I have to sync my fork with that code.

The steps to do this are explained extensively in the Github help, this is merely a placeholder for my own documentation.

Some online resources

https://help.github.com/articles/syncing-a-fork/
https://help.github.com/articles/configuring-a-remote-for-a-fork/

The first step that you will… Read more.

Use EvtxParser to convert Windows Event Log files to XML

For a recent project I had to convert Windows Event Log (.evtx) files from a Windows machine to a plain text file. To accomplish this I used the EvtxParser tools from Andreas Schuster.

It is a set of Perl scripts that you can run against the Event Log files.

Because EvtxParser is written in Perl, you obviously need Perl. On Ubuntu you also need the extra packages libdatetime-perl and libcarp-assert-perl.

You also need to install two extra… Read more.

Logjam vulnerable websites in Belgium

Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman key exchange as used in TLS and other protocols. They reported a downgrade attack against TLS which allows an attacker to read, and possibly alter, your supposedly secure communication with a website or VPN connection.

The issue lies in the export-grade (DHE_EXPORT) cipher suites, similar to the FREAK attack (although… Read more.

Comparing Free Online Malware Analysis Sandboxes

I had a guest post published at IBM Security Intelligence: Comparing Free Online Malware Analysis Sandboxes.

Getting started with MISP, Malware Information Sharing Platform & Threat Sharing – part 3

In the two previous posts on MISP

Getting started with MISP – part 1 – Configuration
Getting started with MISP – part 2 – Usage

I covered the basic installation, configuration and usage of MISP, Malware Information Sharing Platform & Threat Sharing.

Visit the page from CIRCL.lu to get a good overview of the possibilities of MISP and a description of a practical use case.

If you need (commercial) support you should visit http://www.misp-project.org/.

Read more.

Check your site for Logjam

The Logjam attack allows an attacker to downgrade a secure connection to a VPN or secure website to 512-bit export-grade Diffie-Hellman, so that the attacker is able to read or modify your communication. The issue lies in how the Diffie-Hellman key exchange has been deployed, not in the algorithm itself. It is described extensively at https://weakdh.org/.

You can test whether your server is vulnerable via the Qualys SSL Server Test or via the form on the weakdh.org website.

The output from… Read more.
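As an added example covering both Logjam excerpts above (it is not code from the original posts, nor the check that weakdh.org or Qualys run), this block performs the same test those services perform from the outside: it sends a TLS ClientHello that offers only the two DHE_EXPORT cipher suites and looks at the answer. A server that replies with a ServerHello selecting one of them still supports export-grade Diffie-Hellman and is vulnerable; a server that sends an alert refused the downgrade. It also reads the prime length out of the ServerKeyExchange, since the weakdh.org analysis treats 1024-bit groups as weak too. The cipher suite identifiers are the IANA-registered values; the two sample server replies at the bottom are constructed so the parsing runs offline, and the host name in the usage line is a placeholder.

```python
import os
import socket
import struct

# IANA cipher suite identifiers for the export-grade DHE suites Logjam downgrades to.
WEAK_DHE_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
CONTENT_HANDSHAKE, CONTENT_ALERT = 0x16, 0x15
HS_SERVER_HELLO, HS_SERVER_KEY_EXCHANGE, HS_SERVER_HELLO_DONE = 2, 12, 14


def build_client_hello(suites, client_random=None):
    """TLS 1.2 ClientHello offering only `suites`, no extensions."""
    client_random = client_random or os.urandom(32)
    body = b"\x03\x03" + client_random + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def split_records(data):
    """Yield (content_type, payload) for each complete TLS record in data."""
    off = 0
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack("!BHH", data[off:off + 5])
        off += 5
        if off + length > len(data):
            break  # incomplete trailing record
        yield ctype, data[off:off + length]
        off += length


def parse_handshake_messages(data):
    """Reassemble handshake messages across records; an alert short-circuits."""
    stream = b""
    for ctype, payload in split_records(data):
        if ctype == CONTENT_ALERT:
            return [("alert", payload)]
        if ctype == CONTENT_HANDSHAKE:
            stream += payload
    msgs, off = [], 0
    while off + 4 <= len(stream):
        mtype, mlen = stream[off], int.from_bytes(stream[off + 1:off + 4], "big")
        msgs.append((mtype, stream[off + 4:off + 4 + mlen]))
        off += 4 + mlen
    return msgs


def analyse_server_response(data):
    """Classify the reply to an export-only ClientHello."""
    result = {"accepted_export": False, "suite": None, "dh_bits": None, "weak_group": None}
    for mtype, body in parse_handshake_messages(data):
        if mtype == "alert":
            return result  # downgrade refused
        if mtype == HS_SERVER_HELLO:
            sid_len = body[34]  # after version (2) and random (32)
            suite = struct.unpack("!H", body[35 + sid_len:37 + sid_len])[0]
            result["suite"] = WEAK_DHE_SUITES.get(suite, hex(suite))
            result["accepted_export"] = suite in WEAK_DHE_SUITES
        elif mtype == HS_SERVER_KEY_EXCHANGE:
            p_len = struct.unpack("!H", body[:2])[0]  # ServerDHParams starts with dh_p
            result["dh_bits"] = int.from_bytes(body[2:2 + p_len], "big").bit_length()
            result["weak_group"] = result["dh_bits"] <= 1024
    return result


def check_logjam(host, port=443, timeout=5):
    """Connect and offer only DHE_EXPORT suites; read until ServerHelloDone or an alert."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(list(WEAK_DHE_SUITES)))
        while True:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            data += chunk
            if any(m[0] in ("alert", HS_SERVER_HELLO_DONE) for m in parse_handshake_messages(data)):
                break
    return analyse_server_response(data)


def _handshake(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


def _record(ctype, payload):
    return bytes([ctype]) + b"\x03\x03" + struct.pack("!H", len(payload)) + payload


# Constructed sample replies (not captured from any real server).
# A vulnerable server: picks DHE_RSA_EXPORT and sends a 512-bit prime.
SAMPLE_VULNERABLE = _record(CONTENT_HANDSHAKE,
    _handshake(HS_SERVER_HELLO, b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x00\x14" + b"\x00")
    + _handshake(HS_SERVER_KEY_EXCHANGE,
                 struct.pack("!H", 64) + b"\xff" * 64 + b"\x00\x01\x02" + struct.pack("!H", 64) + b"\x01" * 64)
    + _handshake(HS_SERVER_HELLO_DONE, b""))
# A patched server: fatal handshake_failure alert.
SAMPLE_REFUSED = _record(CONTENT_ALERT, b"\x02\x28")

if __name__ == "__main__":
    print(analyse_server_response(SAMPLE_VULNERABLE))
    print(analyse_server_response(SAMPLE_REFUSED))
    # print(check_logjam("www.example.com"))  # placeholder host; run against your own server
```

Two caveats when running `check_logjam` for real: a server that requires SNI, or that only speaks TLS 1.3, will answer with an alert regardless of its DHE configuration, so a refusal is only conclusive when the same host negotiates normally with a full ClientHello; and the `weak_group` result only tells you the size of the group the server picked for this handshake, which is why the fix is to disable the export suites and generate a unique 2048-bit group rather than to rely on one probe.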

Getting started with MISP, Malware Information Sharing Platform & Threat Sharing – part 2

My first post on MISP described how to get MISP installed and get it up and running. This post describes how you can use MISP to your benefit to share threat information with your community.

The basic features of MISP are described in detail in the documentation shipped with the installation (INSTALL/documentation.pdf). I'll describe the steps needed to create an event and add some useful data to it.

You can add an event under Event actions, Add event. You'll have… Read more.