nanog mailing list archives
Re: Intrusion Detection recommendations
From: Charles N Wyble <charles () thefnf org>
Date: Sat, 14 Feb 2015 14:03:05 -0600
Check out Security Onion. It's got a pretty nice suite of tools and can run a (or many) dedicated sensor system and communicate back to a central system.

As for SSL MITM, see the recent nanog thread for the full layer 2 to layer 8 ramifications of that activity.

For ssh mitm, I don't know of any tools. I'm looking for one.

On February 14, 2015 12:57:29 PM CST, Jimmy Hess <mysidia () gmail com> wrote:

> On Sat, Feb 14, 2015 at 2:38 AM, Randy Bush <randy () psg com> wrote:
>> if you were comfortable enough with freebsd to use it as a firewall, you
>> can run your traffic through, or mirror it to, a freebsd box running
>> https://www.bro.org/ or https://www.snort.org/
>> two quite reasonable and powerful open source systems
>> randy
>
> Bro, SNORT, SGUIL, Tcpdump, and Wireshark are some nice tools.
>
> By itself, a single install of Snort/Bro is not necessarily a complete IDS, as it cannot inspect the contents of outgoing SSL sessions, so there can still be Javascript attacks against the browser, or SQL injection attempts encapsulated in the encrypted tunnels; I am not aware of an open source tool to help you with SSH/SSL interception/SSL decryption for implementation of network-based IDS.
>
> You also need a hand-crafted rule for each threat that you want Snort to identify... Most likely this entails making decisions about what commercial ruleset(s) you want to use and then buying the appropriate subscriptions.
>
> --
> -JH
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
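Added example, not taken from the thread: one hand-crafted Snort rule of the kind Jimmy describes, matching a SQL injection tautology in a plaintext HTTP request. The sid, msg text and the `$HTTP_PORTS` binding are assumptions; the same rule bound to 443 would never fire, because the payload Snort sees there is TLS ciphertext, which is exactly the visibility gap the reply points out.

```snort
# Constructed local rule (sid 1000001 is in the local range, not a vendor sid).
# It inspects the normalized HTTP URI of a client request for the classic
# tautology "' OR 1=1" and raises an alert on the first match per session.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"LOCAL SQLi tautology in HTTP URI"; \
    flow:to_server,established; \
    content:"' OR 1=1"; nocase; http_uri; \
    classtype:web-application-attack; \
    sid:1000001; rev:1; )

# The same content match bound to HTTPS only ever sees TLS application-data
# records, so it never fires: the request is inside the encrypted tunnel.
# Kept here only to document the gap; do not expect alerts from it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 ( \
    msg:"LOCAL SQLi tautology over HTTPS (will not match without decryption)"; \
    flow:to_server,established; \
    content:"' OR 1=1"; nocase; \
    classtype:web-application-attack; \
    sid:1000002; rev:1; )
```

Test the first rule by pointing a plaintext HTTP client at a monitored host with the tautology in the query string; the second rule documents why a decryption point or host-based telemetry is needed for the encrypted case.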