Archive for September, 2007

snort 2.8.0 now stable!

Thursday, September 27th, 2007

Sourcefire has released snort 2.8.0 as the new stable production release!! So many cool new features. I don’t have time to go into many of them in depth, but I have a little preview for you. If you would like to read the Change Log it is located here.


certified ethical hacker exam: pwned

Friday, September 21st, 2007

From: results [] prometric.com
Subject: Test Results
Date: September 21, 2007 11:42:41 AM CDT
To: tre [] trepullins.net

=============================================
Name: Tre Pullins
Name of candidates company (if provided):
Student ID:
Test Title: Ethical Hacking and Countermeasures (CEHv5)
Start time: 9/21/2007 10:20:48 AM (GMT-5:00) (cst)
End time: 9/21/2007 12:42:28 PM (GMT-5:00) (cst)
Passing Score: 70 / 100
Your Score: Pass (81 points)


behind the scenes with snort – part 2

Monday, September 17th, 2007

In part 2 of a behind the scenes look at Snort, we shall begin by looking at barnyard. Barnyard can best be described as the middle man between Snort and its database. You are probably saying … Snort has native database support built in (if you compiled it as such), why do I need another application to handle this task?!

The answer is rather simple: alert queuing. In almost every production environment, the database for Snort alerts is not stored locally on the Snort box. So, if there is a loss of transport, or hardware/database issues, what happens to Snort? It will just stop logging alerts, leaving you with no IDS data for the timespan of the outage. Forensically speaking, this is a horrendously bad idea. This is where barnyard will be your savior: as Snort logs alerts to the local unified files, barnyard keeps track of what has or has not been inserted into the database. Barnyard will continue to hold alerts in its queue while checking for database availability, ultimately inserting the queued alerts once the database is reachable again.
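To make the difference concrete, here is a small model of the two designs described above. It is an added illustration, not code from this post and not barnyard's own code: the spool list stands in for Snort's unified files, the database stub fails for a configurable number of insert attempts to simulate a transport or database outage, and the spooler keeps a bookmark (the assumed equivalent of barnyard's position tracking) that only advances after a confirmed insert. All alert records are constructed sample data.

```python
"""Alert spooling versus direct database output (added illustration, not barnyard code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """One alert record as it might sit in a unified file (constructed sample)."""
    event_id: int
    signature: str


class FlakyDatabase:
    """Database stub: every insert attempt fails while the simulated outage lasts."""

    def __init__(self, outage_inserts):
        self.outage_remaining = outage_inserts  # failing attempts left
        self.rows = []                          # what actually reached the DB

    def insert(self, alert):
        if self.outage_remaining > 0:
            self.outage_remaining -= 1
            raise ConnectionError("database unreachable")
        self.rows.append(alert)


def direct_output(spool, db):
    """Native DB output model: an alert whose insert fails is simply lost."""
    lost = []
    for alert in spool:
        try:
            db.insert(alert)
        except ConnectionError:
            lost.append(alert)
    return lost


@dataclass
class Spooler:
    """barnyard-style reader: resumes from a bookmark, advances only on success."""
    db: FlakyDatabase
    bookmark: int = 0  # index of the first alert not yet confirmed in the DB

    def run(self, spool):
        """Insert pending alerts until the first error; return how many committed."""
        inserted = 0
        while self.bookmark < len(spool):
            try:
                self.db.insert(spool[self.bookmark])
            except ConnectionError:
                break  # keep the bookmark where it is and retry on the next pass
            self.bookmark += 1
            inserted += 1
        return inserted


# Constructed spool of six alerts, standing in for a unified file.
SAMPLE_SPOOL = [Alert(i, f"SID-{1000 + i}") for i in range(1, 7)]


def demo_direct_output(outage_inserts=3):
    """Returns (event ids that reached the DB, event ids lost during the outage)."""
    db = FlakyDatabase(outage_inserts)
    lost = direct_output(SAMPLE_SPOOL, db)
    return [a.event_id for a in db.rows], [a.event_id for a in lost]


def demo_spooler(outage_inserts=3):
    """Returns (event ids that reached the DB, alerts committed per retry pass)."""
    db = FlakyDatabase(outage_inserts)
    spooler = Spooler(db)
    passes = []
    while spooler.bookmark < len(SAMPLE_SPOOL):
        passes.append(spooler.run(SAMPLE_SPOOL))  # each pass is one availability check
    return [a.event_id for a in db.rows], passes


if __name__ == "__main__":
    print("direct output:", demo_direct_output())   # alerts 1-3 are gone for good
    print("spooler:      ", demo_spooler())          # all six arrive, in order, once
```

With a three-attempt outage, the direct model silently drops the first three alerts, which is exactly the forensic gap the text warns about; the spooler returns zero for each pass during the outage and then commits the whole backlog in order, with no duplicates, once the database answers. In real deployments the bookmark would be persisted to disk so that a restart of the spooler does not replay or skip records.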

Let’s get ready to barnyard it up:


behind the scenes with snort – part 1

Sunday, September 16th, 2007

Today I am performing some maintenance on my Snort IDS, and also practicing for my upcoming Snort CP exam. We shall examine some scripts and applications that can be used to make Snort a little more automated and transparent to the administrator, as well as increase Snort’s overall performance. What I’d like to focus on today is oinkmaster and crontab.

The scope of this post, however, assumes that you have snort installed already, and are advanced enough to understand your IDS system. I am not going to cover the installation of snort at this time. Today I am just going to cover some automation and performance.

Let’s get ready to Snort it up.


R.I.P – Colin McRae

Saturday, September 15th, 2007

Autoblog is reporting here that Colin McRae and possibly part of his family have died in a helicopter crash. The Times UK is reporting it here. While neither source can confirm that he died in the crash, it seems like it’s a pretty good bet.

It saddens me to see such a loss. A pioneer in the rally sport scene and one of the best drivers I have ever witnessed. Thank you for making me love the world rally championship. Thank you for causing me to spend the better part of a paycheck buying an xbox and steering wheel setup. You will be missed Mr. McRae.

Home Depot / Lowe’s Scam

Saturday, September 15th, 2007

A “heads up” for those of you who may be regular Home Depot or Lowe’s customers. Over the last month I became a victim of a clever scam while out shopping. Simply going out to get supplies has turned out to be quite traumatic. Don’t be naive enough to think it couldn’t happen to you. Here’s how the scam works:


a picture is worth a thousand clicks

Wednesday, September 12th, 2007

At my place of employment, we were given “unlimited” Brainbench.com accounts; to be used for internal training and skills measurement. I’ve never heard anyone refer to brainbench with anything but sarcasm or uncontrolled laughter, but what the hell, it’s free to me right? I logged in and looked around their site for a while, I noticed they had some Apple OS X tests. Now anyone who knows me, knows I am a giant apple geek (no, not a fanboy), so I took every test that was available that was related to Apple. I ended up taking about three tests related to OS X and passing them at the “master” level. Then, just to really solidify my Apple geniusness I took the tests they had for System 8 and 9. Why the hell they even bothered with System 8/9 is beyond me .. but anyway.

I checked the mail today, and to my surprise there was a large envelope from Brainbench. I didn’t remember asking them to send me anything .. *evil mean thoughts*. I opened it up anyway, thankfully there was no spam or anthrax spores ..
