List of Snort log analyzers
Posted by creining | Filed under Security
Quick and dirty Snort log analyzers (sed, awk, uniq, sort, etc. may be just as good at massaging the logs):
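As an added example (not code from the original post, and not one of the analyzers it links), here is the "sort | uniq -c" style summary done in Python: it parses Snort's alert_fast lines, drops lines that are not alerts, and counts alerts per signature, source, destination and priority. The sample lines are constructed (the sids are well-known rule numbers, the addresses are documentation ranges); nothing here comes from a real sensor.

```python
"""Summarise Snort alert_fast lines: counts per signature, source, destination, priority.

Added example, not from the original post. SAMPLE_ALERTS is constructed data in
Snort's alert_fast format; the last line is deliberately not an alert.
"""
import re
from collections import Counter

# Constructed sample: Snort 2.x alert_fast output, one alert per line.
SAMPLE_ALERTS = """\
03/14-10:21:05.123456  [**] [1:1917:6] SCAN UPnP service discover attempt [**] [Classification: Detection of a Network Scan] [Priority: 3] {UDP} 192.0.2.10:1030 -> 239.255.255.250:1900
03/14-10:21:07.000001  [**] [1:1411:10] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:1031 -> 198.51.100.5:161
03/14-10:21:09.445566  [**] [1:1411:10] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.11:1032 -> 198.51.100.5:161
03/14-10:22:01.000000  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.7:1434 -> 198.51.100.9:1434
this line is not an alert and must be skipped
"""

# [**] [gid:sid:rev] message [**]
HEADER_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")
PRIO_RE = re.compile(r"\[Priority:\s*(\d+)\]")
# {PROTO} src[:sport] -> dst[:dport]   (ICMP alerts carry no ports)
FLOW_RE = re.compile(r"\{(\w+)\}\s+([\d.]+)(?::(\d+))?\s+->\s+([\d.]+)(?::(\d+))?\s*$")


def parse_alert(line):
    """Return a dict of the alert's fields, or None for a line that is not an alert."""
    header, flow = HEADER_RE.search(line), FLOW_RE.search(line)
    if not header or not flow:
        return None
    prio = PRIO_RE.search(line)
    return {
        "timestamp": line.split(None, 1)[0],
        "gid": int(header.group(1)), "sid": int(header.group(2)), "rev": int(header.group(3)),
        "msg": header.group(4),
        "priority": int(prio.group(1)) if prio else None,
        "proto": flow.group(1),
        "src": flow.group(2), "sport": int(flow.group(3)) if flow.group(3) else None,
        "dst": flow.group(4), "dport": int(flow.group(5)) if flow.group(5) else None,
    }


def summarize(text):
    """Count alerts per (sid, msg), source, destination and priority; skip junk lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            skipped += 1
        else:
            alerts.append(alert)
    return {
        "total": len(alerts),
        "skipped": skipped,
        "by_signature": Counter((a["sid"], a["msg"]) for a in alerts),
        "by_source": Counter(a["src"] for a in alerts),
        "by_dest": Counter(a["dst"] for a in alerts),
        "by_priority": Counter(a["priority"] for a in alerts),
    }


def report(summary, top=5):
    """Render the summary as text, most frequent first (like `sort | uniq -c | sort -rn`)."""
    lines = ["%d alerts (%d lines skipped)" % (summary["total"], summary["skipped"])]
    for title, key in (("Top signatures", "by_signature"),
                       ("Top sources", "by_source"),
                       ("Top destinations", "by_dest")):
        lines.append(title + ":")
        for item, n in summary[key].most_common(top):
            label = item if isinstance(item, str) else "[%d] %s" % item
            lines.append("  %6d  %s" % (n, label))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Usage: python snort_summary.py /var/log/snort/alert   (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ALERTS
    print(report(summarize(text)))
```

Only the alert_fast format is handled; the multi-line "full" alert format and unified/barnyard output need a different parser. Because FLOW_RE anchors on the `{PROTO} src -> dst` tail, an alert whose message happens to contain `[**]` still parses correctly.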
GIAC GCFW practical posted
Posted by creining | Filed under Security
SANS GIAC has posted my GCFW certification status as #459 and my practical. It expires January 31, 2008… I wonder wth I’ll be doing then?
Incident Handling Guide from NIST
Posted by creining | Filed under Security
In reading the recently released Computer Security Incident Handling Guide from NIST I was informed that incidents against critical infrastructure can be reported to the National Infrastructure Protection Center which is part of the Department of Homeland Security. They have a handy form for submitting incident details at http://www.nipc.gov/incident/cirr.htm. Why is that page not HTTPS by default?
Creating network diagrams on linux
Posted by creining | Filed under Linux/BSD
Historically I have used Xfig to draw network diagrams. It is quite an old vector drawing program but gets the job done well. Most recently I used it to draw the network diagram in my SANS GCFW paper. I’m currently working on my SANS GCIA and want to draw a diagram that contains network device icons (in my GCFW paper I had mainly used rectangles to represent machines) for a slightly more polished look. While searching for *nix programs for network topology maps I ran into the article Creating Network Diagrams, which compares four programs: Dia, Tgif, Tkined, and Xfig. The author rated the default Xfig library fairly well, and on further investigation of the other programs, Xfig had the most mature icon sets for everything I was looking for.
How to replay 802.11 packet captures
Posted by creining | Filed under Security
There was a recent thread on the pen-test list about replaying 802.11 (rfmon) pcaps with tcpreplay. The problem encountered is that tcpreplay wants an 802.3 Ethernet header (1.5beta6 lets you “fake it” with the -2 flag, which creates an Ethernet header, but the pcap then has to start at the IP header). A poster to the list cobbled together wifi2eth.c as a solution.
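The conversion that post describes, as an added example written here in Python rather than the list poster's wifi2eth.c: read a classic pcap whose link type is 802.11 (DLT 105) or radiotap (DLT 127), turn each unencrypted data frame's 802.11 header plus LLC/SNAP into a 14-byte Ethernet header, and write the result as a DLT 1 pcap that tcpreplay or Snort will accept. Assumptions: the input is classic microsecond pcap (not pcapng), captured frames carry no trailing FCS, and management, control, null and protected (WEP/WPA) frames are dropped and counted rather than converted. The sample capture is constructed in code; it is not a real trace.

```python
"""Rewrite an 802.11 (rfmon) pcap as an Ethernet pcap for tools that expect 802.3 framing.

Added example, not wifi2eth.c from the list thread. Assumes classic pcap input
(link type 105 or 127), no trailing FCS on frames; non-data, null and protected
frames are dropped and counted.
"""
import struct

DLT_EN10MB = 1
DLT_IEEE802_11 = 105
DLT_IEEE802_11_RADIO = 127
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"   # LLC DSAP/SSAP/ctrl + zero OUI; EtherType follows


def wifi_frame_to_ethernet(frame):
    """Return an Ethernet frame for an unprotected 802.11 data frame carrying LLC/SNAP,
    or None if the frame cannot be represented as 802.3."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2 or subtype & 0x04:   # not a data frame, or a "no data" subtype (Null, CF-Ack...)
        return None
    if fc1 & 0x40:                     # Protected bit: encrypted payload, no plaintext SNAP
        return None
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:              # WDS frame: a fourth address follows sequence control
        if len(frame) < 30:
            return None
        a4, hdr_len = frame[24:30], 30
    if subtype & 0x08:                 # QoS data: 2-byte QoS control field
        hdr_len += 2
    # Which address fields hold DA and SA depends on the ToDS/FromDS flags.
    if not to_ds and not from_ds:
        dst, src = a1, a2
    elif to_ds and not from_ds:
        dst, src = a3, a2
    elif from_ds and not to_ds:
        dst, src = a1, a3
    else:
        dst, src = a3, a4
    body = frame[hdr_len:]
    if len(body) < 8 or body[:6] != LLC_SNAP:
        return None
    return dst + src + body[6:8] + body[8:]   # EtherType = last two SNAP bytes, then payload


def convert_pcap(data):
    """Return (ethernet_pcap_bytes, stats) for the bytes of an 802.11 pcap file."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng/nanosecond pcap not handled)")
    hdr = struct.unpack(endian + "IHHiIII", data[:24])
    linktype = hdr[6]
    if linktype not in (DLT_IEEE802_11, DLT_IEEE802_11_RADIO):
        raise ValueError("link type %d is not an 802.11 capture" % linktype)
    out = [struct.pack(endian + "IHHiIII", *hdr[:6], DLT_EN10MB)]
    stats = {"converted": 0, "skipped": 0}
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if linktype == DLT_IEEE802_11_RADIO:
            # radiotap: version, pad, length (always little-endian), then the radio fields
            if len(frame) < 4:
                stats["skipped"] += 1
                continue
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]
        eth = wifi_frame_to_ethernet(frame)
        if eth is None:
            stats["skipped"] += 1
            continue
        out.append(struct.pack(endian + "IIII", ts_sec, ts_usec, len(eth), len(eth)) + eth)
        stats["converted"] += 1
    return b"".join(out), stats


def build_sample_pcap():
    """Constructed DLT_IEEE802_11 capture: one station->AP data frame carrying a minimal
    IPv4/UDP datagram (checksums left zero), then a beacon that should be dropped."""
    bssid, sta, gw = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "020000000003"))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 2]), bytes([192, 0, 2, 1]))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    data_frame = (bytes([0x08, 0x01]) + b"\x00\x00"       # type=data, ToDS=1, duration
                  + bssid + sta + gw + b"\x00\x00"         # Addr1=BSSID, Addr2=SA, Addr3=DA, seq
                  + LLC_SNAP + b"\x08\x00" + ip + udp)
    beacon = (bytes([0x80, 0x00]) + b"\x00\x00"           # type=management, subtype=beacon
              + b"\xff" * 6 + bssid + bssid + b"\x00\x00" + b"\x00" * 12)
    records = b""
    for i, frame in enumerate((data_frame, beacon)):
        records += struct.pack("<IIII", 1000000 + i, 0, len(frame), len(frame)) + frame
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_IEEE802_11) + records


if __name__ == "__main__":
    import sys
    # Usage: python wifi2eth.py capture-rfmon.pcap capture-eth.pcap   (no args: built-in sample)
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            converted, stats = convert_pcap(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(converted)
    else:
        converted, stats = convert_pcap(build_sample_pcap())
    print(stats)
```

If the capture includes the 4-byte FCS (radiotap's flags field says so), strip it before calling `wifi_frame_to_ethernet`, otherwise it ends up as trailing garbage after the IP payload; the example does not parse radiotap's presence bitmap and so leaves that to the caller.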
Snort perfmonitor statistics
Posted by creining | Filed under Security
Snort perfmonitor stats graphed using RRDTool and a perl script.
Humor: Microsoft’s representation of a hacker
Posted by creining | Filed under Security
Microsoft’s representation of a hacker.
Website of Snort developers
Posted by creining | Filed under Security
I ran across a website, http://www.idsresearch.org, created by two Sourcefire employees / Snort developers for their IDS research and code. The site is a little sparse at the moment…