Intrusion Detection Lectures
A quick course on detecting network threats using tcpdump and Snort
#Linux #TCP/IP #tcpdump #Snort
Big thanks to Charles Berlin for the O RLY book cover generator!
Network Traffic Analysis Using tcpdump
- Many IDS systems do not show packets or allow to do a session reconstruction
- We are at the mercy of IDS to correctly interpret the traffic
- Are we supposed to take the IDS’s word that it was a legitimate attack?
- Sometimes the IDS is just plain wrong.
Intrusion Detection With Snort
- How to analyse network traffic in real time for conditions that will generate alerts and log the offending packets?
- How can we use custom configuration files containing runtime directives and rules?
- How to protect your network from zero day attacks unknown to your security team?