Changing the default route in Linux

How many times have you plugged your Ethernet cable into your Linux machine and found out that you couldn't access the network from the wireless? Or the other way around, connecting to the wireless and not being able to use your cabled connection? It happened to me a lot. In most cases they were the same network, but the wireless was terrible.

Offline analysis in Security Onion

I've mentioned in a previous post how useful Security Onion is as it comes, but for various reasons one might have to tweak it to suit one's needs. In my case, I had the problem of high drop rates on network packets from Snort and BRO in a temporary production deployment. Since I couldn't rely on the BRO and Snort logs, I would have to generate them again. The good thing was that netsniff-ng had an almost 0 drop rate, so I could use its PCAP files for offline analysis.

Snort alerts – passing through the Onion

Snort is a pretty interesting piece of software, with multiple features. Understanding the Snort architecture might help you better understand this post. It is also the de facto standard when it comes to IDS and the default sensor used in Security Onion. The present article gives an overview of how Snort and additional programs are used in Security Onion. The purpose of Snort in Security Onion is to provide IDS data which will be analyzed by the user in one of the user interfaces available in the operating system. The following is also an example of a network security monitoring system.

How ELSA works

ELSA stands for Enterprise Log Search and Archive. It's a really powerful syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It's one of the main tools that I rely on when using Security Onion. In a previous post I've put some words on the big picture in Security Onion, but in the present one I'm going to focus on details related to how ELSA works in Security Onion. The main reason for this article is to understand the differences between standard ELSA and Security Onion ELSA, where people (including me) might get confused with file paths and configuration details.

Ubuntu 12.04 desktop hang because of gnome-session

I'm running Ubuntu 12.04 and I'm using Gnome 3 instead of the default Unity. I like the Debian interface much more than Unity. Anyway, every once in a while, when I boot up my laptop and after I log in, everything hangs. In other words, the wallpaper loads up fine and the menu bar also, but wherever I click or whatever I try to do, it does not work. I can easily recognize this by the network icon, which looks like my network adapters are disabled.

Why and how to change your DNS server

On Ubuntu 12.04, I've been looking into how to change the DNS servers without using the ones assigned by the DHCP server. This assumes that you have a general idea about DNS; if not, do a quick Google search on it. In earlier versions, this was done by modifying the resolv.conf file, but now it's done by modifying the dhcp.conf file.

Custom laptop battery notifications

Since I bought my laptop, I was concerned about the long-term effects of keeping it plugged in constantly. A lot of people do this and apparently it shortens the battery life. I wanted an app or a script that could show me the battery notifications that I wanted: notify me when the battery is charged or discharged to a custom level. I think it's optimal to keep it charged until 90% and not let it discharge below 20%. Since I didn't find anything that fitted my needs, I decided to make my own script.

Mounting a TrueCrypt volume from the command-line

If you are reading this post, I'm assuming that you know about TrueCrypt and that you already have an encrypted volume created. Sometimes I'm much faster using just the command line, so I wanted to access my encrypted volume quickly.

Protect against ARP-spoofing

In a previous article I've talked about how you can sniff traffic on a LAN using ARP. In this article we are going to see how we can prevent our traffic from being sniffed.

ARP spoofing works because of the big flaw in ARP, which is that anybody on the network has the possibility to respond to ARP requests. To prevent machines on the network and routers from getting confused, we must set up static ARP tables and/or configure each of the machines separately.

Sniff traffic from LAN using ARP

What is ARP

ARP stands for Address Resolution Protocol. It is the protocol that associates MAC addresses with IP addresses. It is a low-level protocol (Layer 2) that is still very vulnerable to spoofing, even though it is quite old (being defined by RFC 826 in 1982). ARP spoofing is a favourite to use in MITM (man-in-the-middle) attacks and it is simple to implement (using automated tools). Plus, it's a great way to have fun when you are using the same LAN as others (like in dorms, classes etc.).