21.1.13

Building a Botnet-IDS (purely for analysing botnets)

Taiwan Academic Network System Security and Malware Detection Technology R&D and Deployment Project
A Ministry of Education project: build a Botnet-IDS (purely for analysing botnets)
It is deployed on the internal network alongside IDS sensors with other functions
The Ministry of Education's snort.conf is written for Windows (Windows drive paths, .dll modules, CRLF line endings)
so snort.conf needs some modification before Snort on Linux will load it

Platform: Ubuntu 12.04 + Snort 2.8.5.2
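The Windows-to-Linux snort.conf conversion mentioned above, as an added example (this is not the Ministry's file and not code from the original post): a POSIX shell function that strips CRLF line endings, maps the Windows drive paths to Linux directories, rewrites the remaining backslashes and renames the .dll dynamic modules to .so, plus a check that the files the converted config includes actually exist. The sample lines are constructed in the style of a Windows snort.conf, and the target directories (/etc/snort, /usr/local/lib, /var/log/snort) are assumptions; override them through the environment to match your install.

```shell
#!/bin/sh
# Added example: rewrite the Windows-specific entries of a snort.conf for a
# Linux Snort install. Target directories are assumptions; override via env.
SNORT_ETC="${SNORT_ETC:-/etc/snort}"        # assumed: snort.conf and rules
SNORT_LIB="${SNORT_LIB:-/usr/local/lib}"    # assumed: dynamic engine/preprocessors
SNORT_LOG="${SNORT_LOG:-/var/log/snort}"    # assumed: log directory

# Constructed sample lines in the style of a Windows snort.conf (CRLF ended).
sample_windows_conf() {
    printf '%s\r\n' \
        'var RULE_PATH c:\snort\rules' \
        'config logdir: c:\snort\log' \
        'dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor' \
        'dynamicengine c:\snort\lib\snort_dynamicengine\sf_engine.dll' \
        'include $RULE_PATH\local.rules'
}

# Reads a snort.conf on stdin and writes the Linux version on stdout:
#  1. drop CR (CRLF -> LF); a trailing CR otherwise becomes part of file names
#  2. map the c:\snort\log and c:\snort\lib prefixes, then the c:\snort root
#  3. turn every remaining backslash into a slash
#  4. rename .dll dynamic modules to .so
# Run this on snort.conf only, never on .rules files: step 3 would also
# mangle the backslash escapes inside pcre: and content: options.
convert_snort_conf() {
    tr -d '\r' |
    sed -e 's|[Cc]:\\[Ss]nort\\log|'"$SNORT_LOG"'|g' \
        -e 's|[Cc]:\\[Ss]nort\\lib|'"$SNORT_LIB"'|g' \
        -e 's|[Cc]:\\[Ss]nort|'"$SNORT_ETC"'|g' \
        -e 's|\\|/|g' \
        -e 's|\.dll|.so|g'
}

# Reads a converted snort.conf on stdin; returns 0 when every path named by
# include / dynamicengine / dynamicpreprocessor lines exists, 1 otherwise.
# Paths that still contain a $VARIABLE are skipped (not expanded here).
check_paths() {
    rc=0
    while read -r key value; do
        case "$key" in
            include|dynamicengine) path=$value ;;
            dynamicpreprocessor)   path=${value#directory } ;;
            *) continue ;;
        esac
        case "$path" in *'$'*) continue ;; esac
        [ -e "$path" ] || { echo "missing: $path" >&2; rc=1; }
    done
    return $rc
}

# Demonstration on the constructed sample; for a real file use
#   convert_snort_conf < snort.conf.windows > /etc/snort/snort.conf
sample_windows_conf | convert_snort_conf
```

After conversion, `check_paths < /etc/snort/snort.conf` reports any missing include or module files, and `snort -T -c /etc/snort/snort.conf` then validates the whole configuration before the sensor goes live.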

5.1.13

The Raspberry Pi education manual

The manual is released under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported licence, which is a complicated way of saying that it’s free for you to download, copy, adapt and use – you just can’t sell it.

You’ll find chapters here on Scratch, Python, interfacing, and the command line. There’s a group at Oracle which is currently working with us on a faster Java virtual machine (JVM) for the Pi, and once that work’s done, chapters on Greenfoot and Geogebra will also be made available – we hope that’ll be very soon.

We want to say an enormous thank you to the whole CAS team, especially Andrew Hague, who corralled everything (and everyone) together as well as editing much of the document and writing a couple of the chapters. Thanks also to the team at Publicis Blueprint (beware! This link autoplays some video), who did more copy-editorial, production and typesetting work, all on a volunteer basis. Thank you to Graham Hastings, Michael Kölling, Ben Croston, Adrian Oldknow and Clive Beale, who wrote chapters of the manual; thank you to Bruce Nightingale, Brian Starkey and Alan Holt for the digital content. And thank you to the army of CAS members who worked so hard on reviewing and proofreading everything. Everybody who worked on this manual gave freely of their own time to make it happen, and we’re very, very grateful to you all.

The manual itself? It’s brilliant, and we think you’ll find it really useful. Head over to the Pi Store from your Raspberry Pi’s desktop to download a copy directly to your Pi, or, if you don’t have a Raspberry Pi, download it here.

2.1.13

Kaspersky Lab's security forecast for 2013


Security forecast for 2013

The end of the year is traditionally a time for reflection – for taking stock of our lives and looking to the future. So we’d like to offer you our forecast for the year ahead, looking at the key issues that we believe are likely to dominate the security landscape in 2013. Of course, the future is always rooted in the present, so our security retrospective, outlining the key trends of 2012, is a good starting-point.

1.1.13

Ubuntu 12.04 + Bro-IDS 2.1

apt-get install libncurses5-dev g++ gcc bison flex libmagic-dev libgeoip-dev libssl-dev build-essential python-dev libpcap-dev cmake swig2.0 libssl0.9.8 make          // install the required packages

Download and install Bro-IDS
wget http://www.bro-ids.org/downloads/release/bro-2.1.tar.gz           // download
tar zxvf bro-2.1.tar.gz                                        // unpack
cd bro-2.1                                                         // change into the source directory
./configure                                                         // configure the build (checks the dependencies above)
make                                                                // compile
make install                                                      // install

/usr/local/bro                                                   // default install prefix

/usr/local/bro/bin/broctl                                   // run broctl
[BroControl] > install                                      // generate the default scripts and configuration
[BroControl] > start                                        // start the sensor
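Before `broctl install`, it is worth checking which interface the sensor will sniff, since `broctl install` bakes the node configuration into the generated scripts. The standalone stanza below is an added example of /usr/local/bro/etc/node.cfg, not text from the original post; the interface name eth0 is an assumption and must be the interface that receives the mirrored or tapped traffic.

```ini
# /usr/local/bro/etc/node.cfg
# single-box (standalone) sensor
[bro]
type=standalone
host=localhost
# assumption: replace eth0 with the interface that sees the monitored traffic
interface=eth0
```

With node.cfg set, `broctl check` validates the configuration and policy scripts before `broctl install` and `broctl start`, and `broctl status` afterwards confirms the node is running.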

CentOS 6.3 + Firestorm NIDS 0.5.4    // modules and rules update

rpm -q libpcap                                                       // -q queries the installed libpcap version (-e removes it)
rpm -e libpcap                      // firestorm-0.5.4 is built against libpcap-0.6.2; if another version is installed, remove it and install the right one (rpm -e refuses while other packages still depend on libpcap, so remove or rebuild those first)
rpm -ivh ftp://ftp.pbone.net/mirror/archive.download.redhat.com/pub/redhat/linux/7.3/en/os/i386/RedHat/RPMS/libpcap-0.6.2-12.i386.rpm
                                    // install libpcap-0.6.2-12.i386.rpm
rpm -ivh http://www.scaramanga.co.uk/firestorm/v0.5.4/firestorm-0.5.4-1.i386.rpm
                                    // install firestorm-0.5.4-1.i386.rpm
Both packages come over plain ftp/http from third-party hosts, so download them first and verify them with rpm -K (or compare checksums from the original source) before installing
find / -name firestorm                                           // locate the firestorm directories on the system

Download snortrules-snapshot-2945.tar.gz (the rule snapshot for Snort 2.9.4.5)
After unpacking, copy all of the .so files under so_rules/precompiled/RHEL-6.0/i386/2.9.4.5/ to
/usr/lib/firestorm/protocols/
Copy all of the .rules files under rules/ to
/var/lib/firestorm/snort-rules/
Edit /etc/firestorm.conf
and add the new rules on the last line

/etc/rc.d/init.d/firestorm restart    // restart; then check the restart output and the system log for rule-parsing or module-loading errors before trusting the new rule set