Questions tagged [intrusion-detection]

Intrusion detection is the ability of a system to analyze different parameters on a computer system to determine whether that system is compromised.

This can be done through:

  • Log analysis
  • Hash checking of files
  • Network analysis

51 questions

0 votes, 0 answers

Need feature name: ethernet switch recognizes manual cable disconnect and shuts down the port

Once in a hospital's radiology department, we had this nifty security feature -- I just cannot remember the proper name to succeed at various search engines: If a host's ethernet cable was disconnected, the uplink switch recognized this and as…
Twonky
  • 101
  • 2
-1 votes, 2 answers

How to count the number of SYN, ACK, or SYN-ACK in a second?

I want to make a DDoS SYN Flood Detection, so I need to count the number of SYN, ACK, or SYN-ACK packets per second.
-1 votes, 1 answer

barnyard2 for snort permission denied

I installed barnyard2 for snort, but when I run the command below, this error appears. [root@localhost snort]# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.log -w /etc/snort/bylog.waldo /etc/snort/gen-msg.map /etc/snort/sid-msg.map…
-1 votes, 1 answer

Can Wazuh work for a single agent with less than the stated minimum hardware requirements?

I was surprised to find that the Wazuh server requirements state 2gb and 2 cores are the minimum requirements - but I wonder how much these numbers are tailored towards supporting multiple agents. Is anyone running Wazuh with less than the stated…
Slbox
  • 113
  • 4
-2 votes, 2 answers

Run multiple virtual machines on a virtual server

Is it possible to run multiple virtual machines on a virtual server? I am on a project and I want to run an Intrusion Detection System as distributed using many Ubuntu virtual machines. Is it possible to be done on a virtual server which runs…
-2 votes, 1 answer

FAIL2BAN filters - who can give me a filter to block this intrusion?

I see endless intrusion in my mediatemple server maillog. I need to block these IPs. Who can help with a filter file to match these? Jan 21 07:51:44 mydomain postfix/smtpd[23505]: SSL_accept error from unknown[185.7.214.188]: -1 Jan 21 07:51:44…
alex K
  • 1
  • 2