
Shmoocon Labs Part 4 – Wrap Up

Sorry this post took so long, crunch time kicked in with the class I’m teaching and so did the grading apocalypse! heh!

So to wrap up this series of posts I wanted to point out that one of the guys on my netmon team was trying to figure out why our Cisco switch wouldn’t ping —…

Updated: Hacking Baggage Check OR Being Misquoted by the Wash Post

So I was travelling to Shmoocon recently, flying ROC-DCA (Rochester-Reagan National) on USAir. As I was going for 5 days (6 with the snowpocalypse) I needed the next size up in a bag from my super small carry on. So I decided I’d try to gate check my next larger bag. I started out by…

Hacking Baggage Check

Post further updated here.

So I was travelling to Shmoocon recently, flying ROC-DCA (Rochester-Reagan National) on USAir. As I was going for 5 days (6 with the snowpocalypse) I needed the next size up in a bag from my super small carry on. So I decided I’d try to gate check my next larger…

Update to OSSIM PHP memory issue

If you tried my PHP memory fix for OSSIM, I recommended 256MB. Turns out I was then trying to generate a report with 80K+ events, and had to increase to 512MB to get it to work. Original post here.

SANS Tool Page (and the Whitelist Hash Database)

A few days ago, SANS Internet Storm Center guru Johannes Ullrich released the Whitelist Hash Database. This is a pretty cool little db, which tells you hashes of known files, like mspaint.exe, or cmd.exe on win7/xp/etc… check it out!

Now I saw the URL to this tool, and hit the backspace key a…

Shmoocon Labs — Part 3 – more ossim, honeypot, snort

So once we got our OSSIM stood up (we had 2 NICs on the appliance) we were able to see the SPAN port which included all internal VLANs. But I wanted to be able to see what was hitting us from the outside also. Since we couldn’t add another VLAN to the SPAN port with…

Do you have an OSSIM Host/Network Reporting Freeze when generating report?

If you are using OSSIM, you may have run into a freeze/failure when you are trying to generate a host or network report. This (and a few other freezes, i.e. policy screens) can happen if you run out of memory in PHP. See the below screenshot to see what I was running into. I…