Entries Tagged as ‘network’
February 22, 2008
Create a passive network tap for your home network
In my home network, I have a passive tap sitting between my cable modem and my router. Instead of spending tons of money, I made my own. They’re surprisingly simple to make, and also extremely simple to use.
Let’s start with the wiring. At a local electronics store, I purchased 4 RJ-45 wiring plugs, I probably [...]
February 13, 2008
Hex 1.0.3 released!
We just released Hex 1.0.3, the Chinese New Year release, although it’s closer to the Valentine’s day release. Congratulations to all the Hex developers for fixing bugs and adding features!
You can grab the iso here. [md5] [sha256]
Or, grab the iso from the mirror. [md5] [sha256]
Since Geek00l already covered a list of the most important changes [...]
February 11, 2008
User-submitted modules: flowtag and clamscan
I’d like to point out a couple of user-submitted modules for NSM-Console that are now included in the distribution.
Firstly, scholar01 has created a ‘flowtag’ module for NSM-Console to use Chris Lee’s excellent Flowtag software for categorizing and tagging network flow for a packet capture. Thanks for the submission scholar01!
Secondly, JohnQPublic has created a ‘clamscan’ module [...]
February 5, 2008
NSM-Console version 0.5 release
That’s right, no development release this time around. I’ve been trying to get version 0.5 all finished for the Hex 1.0.3 release, and I’m happy to present the newest NSM-Console release!
Firstly, you can download NSM-Console version 0.5 here:
http://navi.eight7.org/~hinmanm/files/nsm-console-0.5.tar.gz
Mirror here:
https://secure.redsphereglobal.com/data/dakrone/files/nsm-console-0.5.tar.gz
Like always, let’s go over some of the new features in this release:
Alias command
You can [...]
January 16, 2008
NSM-Console version 0.4 release
Well, it has barely been any length of time and there’s already a new release of NSM-Console. There are so many features that I’ve been coding like crazy to get them all done. First, let’s start with the downloading:
http://navi.eight7.org/~hinmanm/files/nsm-console-0.4.tar.gz
[mirror] https://secure.redsphereglobal.com/data/dakrone/files/nsm-console-0.4.tar.gz
And, for anyone interested, here’s a rundown of the most notable new features:
Additional encoding/decoding options
You can [...]
January 8, 2008
NSM-Console version 0.3 release
Yep, I’ve just been cranking out code lately, so I am proud to present the 0.3 release of nsm-console!
You can download NSM-Console here:
http://navi.eight7.org/~hinmanm/files/nsm-console-0.3.tar.gz
This release was focused a bit more on usability, features and bugfixes rather than the addition of new modules; however, there were still a couple that were added. Since this release has some [...]
January 4, 2008
Some reference for locality in infosec
A week or so ago I wrote about locality of reference in regards to network security. I found some *actual* research done on the topic and wanted to share it:
http://www.cert.org/netsa/publications/Nspw2003-gates-locality.pdf
I’m still in eager anticipation of the first tool to use locality for malicious activity assessment.
December 21, 2007
NSM-console version 0.2 release
I found out there is internet here, so I’m finally able to post some code changes I was working on while on the airplane.
Firstly, download the files here.
The static page for nsm-console is here.
I finally got around to releasing the next version of the nsm-console. This version incorporates a large amount of bug fixes and [...]
December 19, 2007
Locality of reference in information security
I’ve been kicking this idea around in my head for the last couple of days, trying to decide what to write…
Return with me, for a moment, back to the computational hardware class you took in college (if you did take one, don’t worry if you didn’t). Do you remember discussing program/memory flow? How about locality [...]
December 14, 2007
Network traffic IP Location aggregator (iploc)
Have you ever been looking through your pcap files (or live captures) and wondered where all the traffic was coming from (or going to)? I have! Well, I’ve written a small (< 150 lines) script to aggregate all of the packet source addresses into a neatly separated CSV (comma-separated values) file. It includes
<ip address>,<country>,<city and [...]
