Questions tagged [ids]
Intrusion Detection System, a system for detecting and alerting based on behavior.
431 questions
0 votes, 0 answers, 86 views
Snort content syntax
Is it possible to use the symbols <, /, >, space, in the content option of a Snort rule? Or should I use URL encoding instead?
Which syntax is correct?
content:"%3Cscript%20"
content:&...
0 votes, 0 answers, 184 views
Snort fails when run as a service
I've got Snort compiled, configured, and running. The only problem I have is that it fails when I try to run it as a service. I've mainly been using the guide from here: https://snort-org-site.s3....
1 vote, 1 answer, 108 views
Would monitoring for unusual process execution help identify intrusions on a web server?
I have a web server with each web application running as its own machine-level account.
The server only hosts the web applications, no other services, dbs, etc.
Apart from the web server processes, ...
0 votes, 0 answers, 78 views
Is it possible to count SYN and ACK flags separately in a single rule in Snort?
I want to write a rule for Snort to detect lost traffic in the network. Is it possible to write a rule that, by combining the two flags SYN and ACK, declares that if the number of SYNs to the server ...
1 vote, 1 answer, 173 views
Snort / Suricata rules from HOME_NET with rule option flow:to_client
Reading through Suricata/Snort IDS rules, I can see examples such as the one below, and I am scratching my head to understand how it is feasible that a connection from home_network to external_network can have a ...
0 votes, 1 answer, 297 views
What security issues could occur when generating ids on the client?
It's sometimes convenient to generate ids client-side in a typical CRUD app.
The main benefit is for optimistic updates: you can update your client state with the right id without waiting for the ...
3 votes, 2 answers, 3k views
Intrusion detection in a small home network
The number of devices in my home network keeps growing: Apart from my gaming PC and our home office notebooks, we have the kids' tablets, all our smart phones, a smart TV stick, some WLAN peripherals, ...
2 votes, 2 answers, 501 views
Bypass network security filters with CDN
I read about the Domain Fronting technique; it bypasses network security filters but requires a relatively complex configuration (having evil.com pointing to a.cdn.net, and good.com pointing to b.cdn.net, ...
0 votes, 0 answers, 90 views
WIPS and IDS vs NDR
My organisation has a Network Detection and Recovery (NDR) but does not have a WIPS/WIDS. Because NDR is usually hooked to the core switch, is this enough to detect and mitigate against threats ...
0 votes, 1 answer, 329 views
Difference between to_server and from_client in snort
I am trying to wrap my head around the difference between the different flow options in Snort.
There are four directional flow options:
Option Description
1) to_client Trigger on server ...
1 vote, 0 answers, 99 views
Can you configure Tripwire to produce an actual diff between modified files
I'm using the open source version of Tripwire on Ubuntu 22.04. Right now when a file is modified Tripwire will document this in the integrity check with an "Expected" vs "Observed" ...
0 votes, 0 answers, 109 views
Does fragrouter work with OpenVPN?
My goal is to evade IDS/IPS detection and scan the target with nmap. If the scan is detected, the target seems to stop responding for 10s. I think that IP Fragmentation Attack is exactly what I need.
...
1 vote, 1 answer, 720 views
Why do I need an IDS/IPS in a serverless cloud environment?
Following this question (Why do we need IDS/IPS if a firewall is present?) from a few years back, I am trying to take this subject to the cloud.
Assuming that I have a fully "serverless" AWS ...
-1 votes, 1 answer, 2k views
Can the usage of Wireshark be detected when sniffing for packets in promiscuous mode? [duplicate]
I know that port scanning can set off IDS systems on certain networks due to the suspicious traffic it generates. Can the usage of Wireshark be detected on a network? If so, will using it set off any ...
0 votes, 0 answers, 496 views
Are IDS/IPS already implemented on Google Cloud?
I have a partner that is asking "Do you use breach detection/prevention tools?".
I host my service on managed hosting (Heroku) and am currently migrating to Google Cloud. Should I be using &...