Category: Intrusion Detection

The Immutable Friday Fav Five

Here are the five links that I found interesting for this week: Mitigating the Apache Range Header Attack. This is a pretty good overview of several ways you can protect yourself for little to no cost. Also, see my post, Detecting

Detecting the Apache Range Header DoS Attack with OSSEC

If you run Apache, you may have heard about the DoS vulnerability last week. Apache suffers from a condition where an attacker can remotely cause the web server to consume huge amounts of memory. This causes the system to be

The Immutable Friday Fav Five

One of the reasons I started this blog was to share things I had encountered in the security and privacy world. I have done quite a bit of editorializing, but not too many of the quick and useful posts. I

OSSEC 2.6 Released

The OSSEC team is pleased to announce the general availability of v2.6. This version includes support for IPv6, a new tool for key management of ‘nix agents, an option to increase the block timeout for repeat offenders, and many other

Garden Security II: The Bunny Breach

*(&$#@!! I stepped outside tonight to water the garden and what did I find? A fuzzy-tailed rabbit happily hanging out inside my garden–with the gate closed. My perimeter has been breached! How did he get in? I am still doing

Breaking Down the Advanced Persistent Threat

Sometime when I wasn’t paying attention, a bunch of marketing folks must have gotten together to come up with a new, catchy acronym. I imagine the meeting must have gone something like this: Joe: We’re not selling enough of our

2WoO Day 7: Supporting New Applications the Right Way

There are already several good posts out there about decoders and rules, and how one uses both to add new application support in OSSEC. What I haven’t seen is the non-technical process behind adding new apps and making sure it

2WoO Day 6: Running Multiple Instances on One Box

One of the hallmarks of good software is that you can cajole it into doing things it may not have been originally designed to do. Well designed software is small, modular, portable and secure. OSSEC falls into this category. OSSEC

2WoO Day 5: Taming File Integrity Alerts

Just the other day, someone said to me, “How do I tame syscheck? I get all of these alerts right after I patch and it just drives me nuts!” Ok, that’s not really what they said. What they said was,

2WoO Day 4: Five Tips & Tricks for OSSEC Ninjas!

Are you an OSSEC ninja? Do you dress in orange and red and laugh maniacally at all of the frustrated attackers who have tried to take you down? Do you take medication for that condition? Ok, well, best of luck to
