Comments for GuTi.my Network Security

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by GuTi

GuTi — Sun, 05 Oct 2008 14:57:21 +0000

nawuza, which interface you would like to monitor your traffic? Does your eth1 receive traffic? You could do a tcpdump to check the traffic availability on your eth1.

For the no such file or directory error, you have to check where Ourmon is installed? For example, if you extract the package mrourmon in /usr/local, you could run command below after the installation has successfully been done.

# /usr/local/mrourmon/bin/ourmon.sh start

For more info about the Ourmon installation
http://ourmon.cat.pdx.edu/ourmon/INSTALL

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by nawuza

nawuza — Thu, 25 Sep 2008 04:24:42 +0000

and also when i ./ourmon.sh start, this error-> ./ourmon.sh: line 11: /home/mrourmon/bin/ourmon: No such file or directory

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by nawuza

nawuza — Thu, 25 Sep 2008 03:59:21 +0000

ok..i tried to installed ourmon in my linux which are using VMWare. already get the page which Ourmon: Network Monitoring and Anomaly Detection System. But it does not display any data.i already set ifconfig eth1 -arp promisc up. can you give me an extra detail on installing it on FC8. thanks.

Comment on Grace - XY plotting tool by GuTi

GuTi — Tue, 23 Sep 2008 14:04:45 +0000

Hi nawuza,

If you have the tcpdump file, first, you have to convert it to argus format. You could refer here. http://www.gutizz.com/argus-to-check-traffic-spike/
Then you could use the ra client to convert it.

Or you could directly save your network traffic into argus format, by running command below:
# argus -i eth0 -w argus.file
Command above will read the packet from eth0 and save it as argus format.

Comment on OpenSSL creates CA serial file by GuTi

GuTi — Tue, 23 Sep 2008 13:37:19 +0000

Hi mad, not at the moment, but you could refer NSMwiki for the Sguil installation on RedHat.
http://nsmwiki.org/Sguil_on_RedHat_HOWTO

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by GuTi

GuTi — Tue, 23 Sep 2008 13:31:13 +0000

wujike, I have emailed you about the problem, hope to get your reply soon.

nawuza, yes, you could use it to monitor the your network traffic.
I see the Dell switch allows port mirroring, so you could just mirror the traffic to a Gigabit port, and connect it to another network interface of your Fedora server and receive the traffic by running ‘ifconfig #interface -arp promisc up’.

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by nawuza

nawuza — Tue, 23 Sep 2008 01:32:35 +0000

can this thing monitor a switch?i currently try to monitor a dell powerconnect 3424.glad if you could help.and i am using FC8.

Comment on Set 3com SuperStack 3 Switch 4500 Port Mirroring (SPAN) by nawuza

nawuza — Tue, 23 Sep 2008 00:26:18 +0000

keep up the good work and information sharing dude..looking forward with your security related issue especially monitoring network.

Comment on Grace - XY plotting tool by nawuza

nawuza — Mon, 22 Sep 2008 06:26:15 +0000

how does it work with tcpdump..you mean that it read from packet read by tcpdump which are save into a file right?!from the file save by tcpdump..what is the next step?

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by wujike

wujike — Thu, 11 Sep 2008 13:07:57 +0000

as above,
Thanks a lot

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by wujike

wujike — Thu, 11 Sep 2008 13:06:51 +0000

when i execute ./configure.pl,it tell me “Command is not found “,why,pls
tell me

Comment on OpenSSL creates CA serial file by mad

mad — Fri, 01 Aug 2008 06:32:46 +0000

Would you share your Sguil 0.7.0 installation on FreeBSD 7.0 as a how to?

Search the web and could not find any article. Regards.

Comment on Intelligent IPS by GuTi

GuTi — Mon, 30 Jun 2008 17:43:08 +0000

Hi, they should not assume when the IPS blocks the request means the application is vulnerable, this is totally wrong. Human makes the decision, not machine.

This is just like they ask users to update server software and applications to prevent DDOS in their report.

Enabling signature that drops traffic without knowing what is running in the network just makes me sick.

Comment on Intelligent IPS by possible

possible — Tue, 10 Jun 2008 22:14:37 +0000

I think its possible. Assume that the old version, which has a bug gets the input variables via post of 2 variables,lets call them as username_ and password_. so if the url matches and if those two variables also passes into that url, its normal that the ips may block…check if the awstat is really vulnerable or not. than continue to forcing the ips guy to do his job. you can also ask him to disable the signature.

Comment on Ourmon drops packets on 64 bit machine - Fixed by GuTi.my Network Security

GuTi.my Network Security — Fri, 04 Apr 2008 14:45:15 +0000

[...] noticed Ourmon 2.8.1 is quietly released on 21 March 2008. This bug-fix release fixes the bugs that I have reported previously, and my name is in the release note. The IP blacklist config takes 3 argument now, this helps when [...]

Comment on Argus to check traffic spike by GuTi.my Network Security

GuTi.my Network Security — Sat, 15 Mar 2008 02:44:44 +0000

[...] you notice the TCP traffic spike from 2100 to 2200 which is marked in Pink color? I used the same method which I have mentioned previously to check the spike with Argus. It was a inter network file transfer which was running at load 19,001,224 [...]

Comment on Ourmon 2.8 on FreeBSD 7.0-RELEASE by GuTi.my Network Security

GuTi.my Network Security — Sat, 08 Mar 2008 02:43:24 +0000

[...] T -nr pCap tcP[13] = Zz | less Just another Network Security weblog « Ourmon 2.8 on FreeBSD 7.0-RELEASE [...]

Comment on Hello world! by Mr WordPress

Mr WordPress — Fri, 29 Feb 2008 15:57:08 +0000

Hi, this is a comment.
To keep a comment, just log in and view the post's comments. There you will have NO option to keep them.

Just leave it alone.