Bro
From charlesreid1
Initial Notes
Bro is a network intrusion detection system (IDS).
The Bro training materials include pcaps with samples of things like malware hiding shells in HTTP traffic. For example:
- This folder has some pcaps containing traffic from a yayih trojan: https://github.com/LiamRandall/bro-training/tree/master/malware-demo/mswab_yayih
- Here is a page that explains what the hell the yayih trojan is: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FYayih.A
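Once Bro is installed, a training pcap is replayed with "bro -r file.pcap", which writes conn.log, http.log and friends into the current directory. The shell script below is an added example, not from this page or the Bro project: it summarises an http.log by host and user agent, reading the column positions from the "#fields" header line rather than hard-coding them, so it keeps working when a site's Bro policy adds or reorders fields. The http.log rows it writes are constructed for the example with an abbreviated field list; the helper names write_sample_log and http_summary are chosen here.

```shell
#!/bin/sh
# Added example (not the wiki's or Bro's own code): summarise a Bro http.log
# after `bro -r some.pcap`. Column indices come from the "#fields" header so
# the script does not depend on column order. Sample rows are constructed.
set -eu

# Write a small, constructed http.log (abbreviated field list) to $1.
write_sample_log() {
    {
        printf '%s\n' '#separator \x09'
        printf '#path\thttp\n'
        printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent\n'
        printf '#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tstring\n'
        # Three ordinary browser requests to example.com
        printf '1300475168.1\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t49153\t192.0.2.10\t80\tGET\texample.com\t/\tMozilla/5.0\n'
        printf '1300475169.2\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t49153\t192.0.2.10\t80\tGET\texample.com\t/index.html\tMozilla/5.0\n'
        printf '1300475170.3\tC4J4Th3PJpwUYZZ6gc\t10.0.0.5\t49154\t192.0.2.10\t80\tGET\texample.com\t/logo.png\tMozilla/5.0\n'
        # Two requests to a bare IP with no User-Agent ("-" is Bro's unset marker)
        printf '1300475171.4\tCtPZjS20MLrsMUOJi2\t10.0.0.5\t49155\t198.51.100.7\t80\tPOST\t198.51.100.7\t/up.php\t-\n'
        printf '1300475172.5\tCtPZjS20MLrsMUOJi2\t10.0.0.5\t49155\t198.51.100.7\t80\tPOST\t198.51.100.7\t/up.php\t-\n'
        # One curl request from another host
        printf '1300475173.6\tCUM0KZ3MLUfNB0cl11\t10.0.0.9\t50001\t192.0.2.20\t80\tGET\texample.org\t/\tcurl/7.52.1\n'
        printf '#close\t2011-03-18-19-06-08\n'
    } > "$1"
}

# Print "count<TAB>host<TAB>user_agent" per distinct pair, most frequent first.
# $1: path to an http.log
http_summary() {
    awk -F'\t' '
        /^#fields/ {
            # $1 is the literal "#fields"; data rows have no such prefix,
            # so field name at header position i is data column i-1.
            for (i = 2; i <= NF; i++) col[$i] = i - 1
            next
        }
        /^#/ { next }                                  # skip other header/footer lines
        { pairs[$(col["host"]) "\t" $(col["user_agent"])]++ }
        END { for (k in pairs) printf "%d\t%s\n", pairs[k], k }
    ' "$1" | sort -rn
}

# Usage: http_summary http.log   (after: bro -r training.pcap)
```

Low-count pairs at the bottom of the list, especially a bare IP as host with an empty user agent, are where a reviewer would start when looking at traffic from the training samples; the counts alone are not a verdict.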
Hat tip:
Installing
Debian - from source
To install on Debian from source, check out the repo with all submodules:
git clone --recursive https://github.com/bro/bro.git
The INSTALL file is pretty clear with its instructions, but in summary:
sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
In order to build Bro on Debian 9, install libssl1.0-dev instead of libssl-dev.
(Source: https://github.com/bro/bro/blob/master/doc/install/install.rst)
Then the usual:
./configure
make
sudo make install
This will install to /usr/local/.
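The steps above, put together as one script, are an added example and not the wiki's or the Bro project's own installer. It picks the OpenSSL development package from the Debian release in /etc/os-release (libssl1.0-dev on Debian 9, libssl-dev otherwise, as the note above says) and only runs the actual clone and build when BRO_INSTALL=1 is set, so the helper functions can be sourced and checked without touching the system. The variable names BRO_SRC and BRO_INSTALL and the function names are chosen here.

```shell
#!/bin/sh
# Added example (not the wiki's or Bro's own code): build Bro from source on
# Debian, choosing the OpenSSL dev package by Debian release.
# Assumptions: /etc/os-release is present; BRO_SRC and BRO_INSTALL are names
# chosen for this script.
set -eu

BRO_SRC="${BRO_SRC:-${HOME:-/tmp}/src/bro}"

# Echo the OpenSSL -dev package for a Debian major version.
# Debian 9 needs libssl1.0-dev; other releases use libssl-dev.
ssl_dev_pkg() {
    case "$1" in
        9) echo libssl1.0-dev ;;
        *) echo libssl-dev ;;
    esac
}

# Print the major version from an os-release file ($1), e.g. 9 for VERSION_ID="9".
debian_major() {
    sed -n 's/^VERSION_ID="\{0,1\}\([0-9]*\).*/\1/p' "$1"
}

# The package list from the INSTALL summary, with the right libssl package for $1.
build_deps() {
    echo "cmake make gcc g++ flex bison libpcap-dev $(ssl_dev_pkg "$1") python-dev swig zlib1g-dev"
}

install_bro() {
    major=$(debian_major /etc/os-release)
    # Word splitting of the package list is intended here.
    # shellcheck disable=SC2046
    sudo apt-get install -y $(build_deps "$major")
    [ -d "$BRO_SRC" ] || git clone --recursive https://github.com/bro/bro.git "$BRO_SRC"
    cd "$BRO_SRC"
    ./configure          # default prefix is /usr/local
    make
    sudo make install
}

# Only install when explicitly requested: BRO_INSTALL=1 sh install-bro.sh
if [ "${BRO_INSTALL:-0}" = 1 ]; then
    install_bro
fi
```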
References
Bro documentation on github: https://github.com/bro/bro/tree/master/doc
Quickstart guide from a local docs build (after running make docs): file:///home/charles/codes/security/bro/build/html/quickstart/index.html