I may have an old post about NetFlow elsewhere, but this is another article on using NetFlow to monitor bandwidth on a network. Files this away to read at some point, still have not read it or tried it, but would really like to.
Detecting abnormal traffic using NetFlow papers, part 1 and part 2
Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees over night, abort hacker attacks when they are detected, stop high bandwidth consuming downloads – etc. There are many potential applications.
This article describes how a Linux IPTables based firewall/router can be used to send the right combination of TCP/IP packets to both ends of a connection to cause them to abort the conversation. It describes the steps required to perform this task, and introduces a new open-source utility called “cutter” that automates the process.
Stole a bunch of links from another site describing some new spyware that adds some network traffic and unwanted ads on users’ desktops and networks. 180Solutions might just hit someone I know at work someday soon.
180Solutions Analysis
Full disclosure at Seclists
Securiteam analysis of 180Solutions trojan
180Solutions : nCase
This article is a very quick-shot laundry list of many network terms and items. The whole presentation makes my head spin because the author goes through each one in bambambambam rhythm, but still a nice little bit to read through in pieces.
This page has a presentation-level type of introduction to subnetting. This might be very useful to review.
This quick article talks about running double instances of Snort in order to capture two opposing sets of data. First one sensor catches “everything” that you can imagine in the rules, basically allowing the operator to get an idea of the state of the Internet as a whole. The second sensor only catches things of immediate interest to the operator, basically filtered so that only those threats that may affect the operator are captured. I like this article due to the explicit instructions on installing and running Snort.
This site has basically a paper tackling an Introduction to Security…but it has so many links that it is just a very nice little page to link to and keep around and explore the links off of it, even if they’re known sites and topis. A very nice intro-compilation.
Joat posted this, so I’m going to copy it over:
Just keep in mind the general rules of thumb for security:
The general rules of thumb for countering attacks:
Regardless of what personnel and what cool toys you have guarding your network, someone, somewhere, sometime will break into your network.