Questions tagged [ids]

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.

Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.

Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.

70 questions
0 votes, 2 answers

Last night, my server was doing something intensive with the hard drive

I have an Ubuntu server running in my bedroom. It's connected to the internet. Last night, at 5am, it was doing some intensive I/O with the hard drive (I heard it) for like 20 minutes. I don't have any cron jobs scheduled, and it has not done that…
sybind
0 votes, 2 answers

SPAN/Port mirroring on Linksys switch

I'm trying to deploy a Snort box in my LAN. I have a Linksys SRW248G4 and I'm trying to configure port mirroring so that Snort can listen to everything on the network in promiscuous mode. So in ADMIN / Port Mirroring, I have 3 things: Source Port…
Bastien974
0 votes, 1 answer

update-aide.conf command not found

I'm trying to set up the AIDE IDS on my Ubuntu server. I followed the official installation guide, but when I try to use the command "update-aide.conf" to generate a new config I get the error "$ update-aide.conf: command not found". I tried to search for the…
Bekr
0 votes, 1 answer

Create an NFQUEUE rule to match local destination addresses on my Raspberry Pi router

I'm working on a project to verify the source of each packet if its destination is one of several IPs on the LAN network. I'm interested in the LAN IPs, not the WAN. I tried to create many matches like the following but nothing worked. iptables -t…
0 votes, 1 answer

What does uid in Snort mean?

I was writing a Snort rule for a specific exploit and then came across one solution that specifies "uid=0(root)". Can someone explain what that is and why it is mentioned in order to capture the packet containing root content in it?
0 votes, 0 answers

IDS/IPS on Ubiquiti EdgeRouter

I changed my network setup from the default ISP device to a Ubiquiti EdgeRouter (ER-X-SFP) a while ago. Currently I'm planning to switch to a static IPv4 address. From the ISP I would also get an IPv6 prefix. Besides the built-in firewall I…
-1 votes, 1 answer

Specify the order of IDS, firewall, WAF

I have an Ubuntu system and I want to implement iptables as a firewall, ModSecurity as a WAF and Snort as an IDS on this system. I have a server behind this system and I want to protect the server with this system. I want, when the packet is received, first…
Trudy
-1 votes, 3 answers

To what extent can you secure a system?

To what extent can you filter/firewall for suspicious traffic or lock down a system? If you have everything up to date and secure, what can you do to protect against a 0 day? I assume an IDS might help for example by recognizing packets trying to…
Sonny Ordell
-2 votes, 1 answer

VirtualBox Networking Lab Configuration

I'm creating a lab for a project that will test a network security defense product's effectiveness in detecting various attacks. I have a physical server with 32GB of RAM and VirtualBox to create the network. I have one Windows server as a domain…
DrDinosaur
-3 votes, 1 answer

How can OSSEC handle a virus that has already spread deep into the system?

As far as I know, OSSEC is an open-source HIDS. It's a "Detection System". I read in journals that it collects logs, flags any anomaly that has been found in a system (e.g. a Debian server) and takes some action on it. In some of OSSEC's rules, there's…
Gagantous