03-11-2011
If you want to create a NIDS, at its most basic level it is collection and analysis:
a) Grab packets off the wire (e.g. tcpdump)
b) Scan the dumped data for stuff you want to search for* (e.g. ngrep - network grep)
* matching against a database of signatures of "known bad stuff" or track behavioural anomalies with a statistical model.
c) Do something, perhaps sending an alert via SMTP message or SNMP trap.
Do not underestimate the enormous amount of work involved with such a project.
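As an added illustration of the three stages in the post above (not code from the original thread), the sketch below parses constructed Ethernet/IPv4/TCP frames as tcpdump would hand them over, greps the TCP payloads against a small signature list in the spirit of ngrep or a Snort-style content match, and returns alert lines. The function names, signatures and sample traffic are all constructed for this example.

```python
import re
import struct

# Stage b): signatures, like ngrep patterns or a Snort-style content: match
# (names and patterns are constructed for this example).
SIGNATURES = [
    ("HTTP request for /etc/passwd", re.compile(rb"GET [^\r\n]*/etc/passwd")),
    ("Telnet root login", re.compile(rb"login:\s*root\b")),
]

def parse_frame(frame: bytes):
    """Return (src, dst, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                         # not IPv4, or not TCP (ARP, IPv6, UDP, ...)
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None                         # truncated TCP header
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    dport = struct.unpack("!H", tcp[2:4])[0]
    doff = (tcp[12] >> 4) * 4               # TCP header length in bytes
    return src, dst, dport, tcp[doff:]

def scan(frames):
    """Stages b) and c): one alert line per (frame, signature) match."""
    alerts = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, dport, payload = parsed
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                alerts.append(f"ALERT {name}: {src} -> {dst}:{dport}")
    return alerts

def build_frame(src, dst, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums stay zero, the parser ignores them."""
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0)
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

SAMPLE_FRAMES = [  # constructed traffic, not a real capture
    build_frame("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    build_frame("10.0.0.9", "10.0.0.23", 23, b"login: root\r\n"),
    b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28,  # ARP frame, skipped by parse_frame
]
```

Calling `scan(SAMPLE_FRAMES)` yields two alert lines; feeding the alerts to syslog, SMTP or an SNMP trap is the "do something" stage the post leaves open.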
SURICATA(8) System Manager's Manual SURICATA(8)
NAME
suricata - Next Generation Intrusion Detection and Prevention Tool
SYNOPSIS
suricata [options]
DESCRIPTION
suricata is a network Intrusion Detection System (IDS). It is based on rules (and is fully compatible with snort rules) to detect a variety of attacks / probes by searching packet content.
This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression, Fast IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU cards.
It supports acquiring packets through NFQUEUE, PCAP (live or offline) etc.
OPTIONS
-c config_file
Use configuration file config_file
-i interface
Sniff packets on interface.
-r file
Read the tcpdump-formatted capture file. This will cause Suricata to read and process the file fed to it. This is useful for offline analysis.
-q queue_id
Sniff packets sent by the kernel through NFQUEUE. This allows running Suricata in inline mode (IPS) for packets captured by iptables using the NFQUEUE target.
-s signatures
Path to the signatures file.
-l log_dir
Path to the default log directory.
-D Run as daemon
--init-errors-fatal
Enable fatal failure on signature init error.
SEE ALSO
tcpdump(1), pcap(3).
AUTHOR
suricata was written by the Open Information Security Foundation.
This manual page was written by Pierre Chifflier <pollux@debian.org>, for the Debian project (and may be used by others).
February 2010 SURICATA(8)