If you're not afraid about the state of your company's security, you should be. Hackers are scanning ports en masse, coordinated attacks are gaining popularity, and network users who appear to be valid are often impostors. And that's just outside attacks. . . .
Source: Security Focus - Posted by Benjamin D. Thomas
A thief obtains his prize by bypassing alarms and security systems that are in place. IDS evasion is no different. An attacker knows that the IDS will alarm on certain attack signatures and, therefore, will try to evade the IDS by . . .
One key to intrusion detection is understanding the most common security exploits. This knowledge will allow you to set up a checklist for periodic security checks of your system. If you're running a DNS server, BIND is a favorite target for . . .
Source: LinuxSecurity.com.br - Posted by Dave Wreski
New version of chkrootkit (0.19) available... chkrootkit is a shell script mainly developed by Nelson Murilo (Brazilian) that checks for the existence of rootkits installed in your system... Tested on Linux 2.0, 2.2 (any distro), FreeBSD 2.2.x, 3.x and 4.0, OpenBSD . . .
The basic function of an IDS is to record signs of intruders at work inside and to give alerts. Depending on the product, how it is deployed and its network configuration, an IDS may only scan for attacks coming from outside . . .
If you're one of the unfortunate souls who has been at ground zero during a high-impact security incident, you know the chaos that often ensues. When the big one hits, it can spawn teams of crazed administrators, flocks of delusional and . . .
Tripwire, Inc., the leading provider of data and network integrity solutions, today announced the availability of its Open Source product for the Linux(R) operating system. "Tripwire Open Source, Linux Edition is a significant contribution of commercial-quality data and network integrity software . . .
Here's a quick startup guide for using snort. You might also be interested in the LinuxSecurity.com "Using Snort" guide. "Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on . . .
Source: SecurityFocus.com - Posted by Ryan W. Maple
This article is a very good introduction to the basics of IP packets. "This article, a discussion of the characteristics of abnormal Internet Protocol (IP) packets, is the first in a series of tutorials that are intended to educate intrusion detection system . . .
Source: Security Focus - Posted by Benjamin D. Thomas
The purpose of this paper is to help Intrusion detection analysts and firewall administrators identify NMAP & QUESO scans. This paper will provide bit level analysis in detecting NMAP and QUESO scans. This type of analysis is vital for individuals who are performing firewall administration and need to understand more details relating to these scanners and the scans they perform. . . .