Finally, CS Lee from Geek00l and Matt Jonkman from Emerging Threats (ET) have started a new project named Emerging Bro.
In short, the project is all about converting Snort signatures for use in Bro. Although Bro is more focused on policy and analysis script development, its signature matching engine is still quite handy to use.
Anyway, if you want to use it, check the ET website for more information.
It has been a long time since I updated my blog. I have changed companies again and moved back to Snow. One of the major reasons is that I like to work closer to home and on projects (network and security related projects).
I have also been busy producing my own songs. You can check my MySpace page for more info.
I am using Ableton with the Microtonic VST plugin. It is just an awesome plugin; you should check it out.
Also, it is festival season, so check my flickr page for the photos.
But hopefully I will find the time to add more security related posts in the near future.
Last week Bamm finalized Sguil version 0.7.0 and released it on the Sguil website.
Big changes are the separation of the agents (snort_agent, pcap_agent and sancp_agent), the addition of a Passive Asset Detection System (PADS) agent, and a lot of bug fixes.
For those who aren't familiar with Sguil, check the Sguil website or the overview on Sguil Wiki page.
When I can find the time, I will post my article about 'Network Security Monitoring in a multi-tiered environment'.
When you are using a network TAP (e.g. NetOptics) and want to bond its two output interfaces on FreeBSD, there is now a new way to do this.
As of FreeBSD 6.3 there is a new device called lagg(4). Lagg is a link aggregation and link failover interface.
With lagg you can easily bond two interfaces together.
# ifconfig lagg0 create
# ifconfig lagg0 laggproto fec laggport bge0 laggport bge1 monitor up
By default lagg uses the failover protocol, which is not what you want when bonding TAP interfaces. The best protocol for this is Cisco EtherChannel (laggproto fec, as in the command above).
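The two ifconfig commands above are lost at reboot. The same settings can be made persistent in /etc/rc.conf; the fragment below is an added example, not from the original post, and assumes the TAP's monitor ports are bge0 and bge1 as in the commands above. The default failover setting is shown commented out next to the EtherChannel setting so the difference is visible.

```shell
# /etc/rc.conf fragment (added example): persistent lagg for a TAP's two outputs.
# Assumes the TAP's monitor ports are bge0 and bge1, as in the ifconfig commands above.

# Create the lagg pseudo-interface at boot.
cloned_interfaces="lagg0"

# Bring the member ports up without addresses; they only receive from the TAP.
ifconfig_bge0="up"
ifconfig_bge1="up"

# Wrong for a TAP: with the default failover protocol only the master port passes
# traffic, so one direction of the tapped link would be dropped.
# ifconfig_lagg0="laggproto failover laggport bge0 laggport bge1 monitor up"

# Correct: Cisco EtherChannel (fec) merges both TAP directions into lagg0;
# 'monitor' hands received frames to bpf(4) sniffers only and never transmits,
# so the sensor stays silent on the tapped segment.
ifconfig_lagg0="laggproto fec laggport bge0 laggport bge1 monitor up"
```

After a reboot (or /etc/rc.d/netif restart), ifconfig lagg0 should report laggproto fec and list both bge0 and bge1 as laggport members; if one of them is missing, check that the member port itself comes up before lagg0 is configured.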
Scott J. Roberts from Vulnerable Minds has come up with a great website to bring all the important security related topics to one central place, and calls it Pulse.
What a great idea! Why didn't I come up with it?
Here is the full story about why and how.
I still have some issues with my RSS and Atom feeds. Somehow the markup is not being interpreted. I use Markdown with SmartyPants. Why? Well, I got used to using it on a daily basis, so that is basically it.
Hopefully they can fix it A.S.A.P.
In the meantime you have to skip your favorite feed reader and use the "old-fashioned" way, with your browser.
