Channel: Admins Goodies » intrusion-detection
Browsing all 10 articles

How Does Cisco IPS Work?

How does it work? Does it typically have predefined patterns of trusted or malicious activity? Is it actually a category of firewall techniques? I am more curious about Cisco than I am about other...


IIS – Script for repeated hacks on a website

I currently have a site that is armored by ELMAH as its reporting mechanism. Each time someone hits a URL that is incorrect it notifies me or logs to the system. This is annoying for someone...


How to find security-leak after a skynet intrusion?

Some days ago, the server of a friend had an intrusion. The attack installed a new SSH daemon that let any valid account in, without providing a valid password. After login, each account automatically...


Windows: Audit/View logins from remote networks?

I want to audit remote connection attempts to a Windows 2003 Server. I’ve changed the group policy to show logon successes and failures: >gpedit.msc Local Computer Policy Computer Configuration...


AWS EC2: How to determine whether my EC2/scalr AMI was hacked? What to do to...

(See update below) I received notification from Amazon that my instance tried to hack another server. There was no additional information besides log dump: Original report: Destination IPs:...


Comparison of Firewall, Intrusion Prevention, Detection and Antivirus...

These days I’m reading about intrusion prevention/detection systems. When reading, I am really confused on some points. First, the firewall and antivirus technologies are known terms for years, however...


What are some of the commonly used rule actions in snort other than the...

I’m writing a strict snort rule parser and I would like to accommodate snort rules from popular plugins. The documentation specifies that any action/type is possible because they can be defined by...


Utility to notify when website files are changed

Does anyone know of a (preferably free) Windows utility that recursively hashes all the files in a directory tree every x minutes and sends a notification if any files have changed? I want to have a...


OSSIM In Production Environment

I am trying to get some real-world feedback on OSSIM. Are you using OSSIM in production? If so, what has your overall experience been? How many nodes are in your environment? Finally, what kind of...


Recommend an intrusion detection system (IDS/IPS), and are they worth it?

I have tried out various network-based IDS and IPS systems throughout the years and have never been happy with the results. Either the systems were too difficult to manage, only triggered on...
