http://ids.surfnet.nl/wiki/ 2013-05-20T00:23:33+02:00 http://ids.surfnet.nl/wiki/ http://ids.surfnet.nl/wiki/lib/tpl/sidebar-rc2006-09-28/images/favicon.ico text/html 2012-09-27T14:03:27+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=latest_docs:3_sensor:1b._bootable_usb&rev=1348747407&do=diff 1a: Bootable USB The other option of creating a SURFids sensor is by making a bootable USB stick function as a SURFids sensor. These USB sticks can be deployed throughout your network on any machine that will boot from USB. This page will describe how you can create the USB image that will be used for creating a USB sensor. This image can be used to create any number of USB sticks (ie, the image is only created once). First we need to get the necessary files from the SURFids repository: text/html 2012-07-26T17:19:33+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=kb:honeypot_ports&rev=1343315973&do=diff Honeypot ports Port Amun Nepenthes Dionaea 21 ftpd ftp 25 imail 42 wins wins 69 … text/html 2012-07-26T15:07:44+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=kb:installing_kippo&rev=1343308064&do=diff BETA BETA BETA BETA NOTE : Kippo support in SURFids is still in beta phase. This document is mainly intended for people that want to help testing Kippo along with SURFids. Installation cd /opt/ svn checkout http://kippo.googlecode.com/svn/trunk/ kippo text/html 2012-07-25T11:14:53+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=other:contact&rev=1343207693&do=diff Project leader Rogier.Spoor[at]surfnet[dot]nl Developers Kees Trippelvitz - Kees.Trippelvitz[at]surfnet[dot]nl IRC SURFnet IDS: #surfnetids irc.freenode.net Nepenthes: #nepenthes irc.freenode.net text/html 2012-07-06T15:11:07+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=latest_docs:2_tunnel_server:1._installation&rev=1341580267&do=diff 1: Installation First you need to add the SURFids key to your local key chain: wget -q http://repo.ids.surfnet.nl/key.pub -O- | sudo apt-key add - Then create a file /etc/apt/sources.list.d/surfids.list with the content: deb http://repo.ids.surfnet.nl/surfnetids/ lenny main text/html 2012-01-10T15:18:47+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=latest_docs:2_tunnel_server:1b._arp_detection&rev=1326205127&do=diff 1a: Installing Ethernet module The detectarp.pl script uses various perl libraries. These libraries are not always available as standard Debian packages. To enable ARP detection we will somehow need to install these libraries. Here is how it works: What is needed? The list of needed libraries is: text/html 2011-12-22T17:44:25+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=latest_docs:faq&rev=1324572265&do=diff FAQ Tunnel server FAQ T01: I have a sensor that keeps starting and reseting it's connection. Certificate is not yet valid. SERVER: /var/log/daemon.log Mar 28 15:38:02 localhost openvpn[31788]: Connection reset, inetd/xinetd exit [-1] SENSOR: /var/log/daemon.log text/html 2011-12-14T13:48:12+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=sidebar&rev=1323866892&do=diff [http://ids.surfnet.nl/] Global * SURFcert IDS * Global * Tunnel server * Sensor * Logging server * SURFids Demo * Downloadable Demo Files * Screenshots * SURFids packages * Subversion * SURFids Trac * Miscellaneous * Manual latest_docs index kb index text/html 2011-12-06T11:59:58+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?id=home&rev=1323169198&do=diff Welcome to the SURFcert IDS Development homepage. SURFcert IDS (previously SURFids) is an open source Distributed Intrusion Detection System based on passive sensors. The goal is to provide an early warning system which lets system administrators correlate known and unknown exploits to attacks directed towards their networks. text/html 2010-03-22T16:24:38+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?image=kb%3Avmware_network_0a.jpg&ns=kb&rev=1269271478&tab_details=history&mediado=diff&do=media <img src="/wiki/lib/exe/fetch.php?w=500&h=291t=1342085232&amp;media=kb:vmware_network_0a.jpg" alt="kb:vmware_network_0a.jpg" /> text/html 2010-03-22T15:18:57+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?image=kb%3Avmware_network_0.jpg&ns=kb&rev=1269267537&tab_details=history&mediado=diff&do=media <img src="/wiki/lib/exe/fetch.php?w=500&h=292t=1342085232&amp;media=kb:vmware_network_0.jpg" alt="kb:vmware_network_0.jpg" /> text/html 2010-03-22T13:10:04+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?image=kb%3Avmware_network_2.jpg&ns=kb&rev=1269259804&tab_details=history&mediado=diff&do=media <img src="/wiki/lib/exe/fetch.php?w=499&h=366t=1342085232&amp;media=kb:vmware_network_2.jpg" alt="kb:vmware_network_2.jpg" /> text/html 2010-03-22T12:54:18+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?image=kb%3Avmware_network_3.jpg&ns=kb&rev=1269258858&tab_details=history&mediado=diff&do=media <img src="/wiki/lib/exe/fetch.php?w=455&h=500t=1342085232&amp;media=kb:vmware_network_3.jpg" alt="kb:vmware_network_3.jpg" /> text/html 2010-03-22T12:54:01+02:00 ktrippelvitz http://ids.surfnet.nl/wiki/doku.php?image=kb%3Avmware_network_1.jpg&ns=kb&rev=1269258841&tab_details=history&mediado=diff&do=media <img src="/wiki/lib/exe/fetch.php?w=500&h=366t=1342085232&amp;media=kb:vmware_network_1.jpg" alt="kb:vmware_network_1.jpg" />