Tales from the HomeLab

A Nuts and Bolts Exploration of the Cyber Landscape for System Administrators and Security Analysts

Category: Security Onion

Adventures in Server-Sitting

Posted on November 12, 2024

by Fred Theilig – @fmtheilig My home server seems to occasionally enter a steady state. The syslog logs, the IDS detects, the vulnerability scanner scans, the web server serves. I stop routinely…

D-Link Router Compromise Attempt

Posted on August 15, 2024

by Fred Theilig – @[email protected] Security Onion threw up three alerts this week: “WGET Command Specifying Output in HTTP Headers”, “Possible D-Link Router HNAP Protocol Security Bypass Attempt”, and “D-Link Devices Home Network Administration Protocol Command…”

A (slightly) Deeper Dive into Weird Apache Logs

Posted on May 5, 2023

By Fred Theilig – @fmtheilig My IDS alerted me to strange behavior (obfuscated Log4j) on my web server, but rather than investigate through Security Onion, I went straight to the logs. Grepping…

Banner Capture for Fun and Profit

Posted on February 12, 2023

On January 30th I saw the single Suricata alert “ET SCAN Zmap User-Agent (Inbound)”. This is a low severity alert and the target was my web server. Let’s see what that’s all…

A Whole Lot of Nothings

Posted on January 27, 2023

On August 18th IP address 23.227.202.82 (Tampa, Florida) triggered the Suricata alert “ET SCAN MS Terminal Server Traffic on Non-standard Port” on my web server. This is apparently an attempted information leak,…

Torrent in Sheep’s Clothing

Posted on December 31, 2022

I discovered that my son was using BitTorrent. The alert GPL P2P BitTorent Transfer showed up in Security Onion in the hundreds of thousands. He said he uses it to download Linux…

WUDO and, well, that was dumb

Posted on December 2, 2022

Allow me to introduce you to WUDO. WUDO is Windows Update Delivery Optimization, and not the Western Union Defence Organisation. This is a feature introduced in Windows 10 to cut down on…

Penetration Test, No Charge

Posted on November 5, 2022

Back in early July some strange traffic was setting off Suricata alerts. The target was my WordPress website. The website is for the benefit of a non-profit and because of ISP restrictions,…

These Are the Pros and Cons of …

Posted on October 21, 2022

… Clear Text Authentication Back in June I got a Suricata alert saying a local computer was authenticating using clear text. That computer was my son’s Nintendo Wii. Security Onion is an…

©2025 Tales from the HomeLab