By Fred Theilig – @fmtheilig My IDS alerted me to strange behavior (obfuscated Log4j) on my web server, but rather than investigate through Security Onion, I went straight to the logs. Greping…
Category: Security Onion
Banner Capture for Fun and Profit
On January 30th I saw the single suricata alert “ET SCAN Zmap User-Agent (Inbound)”. This is a low severity alert and the target was my web server. Let’s see what that’s all…
A Whole Lot of Nothings
On August 18th IP address 23.227.202.82 (Tampa, Florida) triggered the suricata alert “ET SCAN MS Terminal Server Traffic on Non-standard Port” on my web server. This is apparently an attempted information leak,…
Torrent in Sheep’s Clothing
I discovered that my son was using BitTorrent. The alert GPL P2P BitTorent Transfer showed up in Security Onion in the 100’s of thousands. He said he uses it to download Linux…
WUDO and, well, that was dumb
Allow me to introduce you to WUDO. WUDO is Windows Update Delivery Optimization, and not the Western Union Defence Organisation. This is a feature introduced in Windows 10 to cut down on…
Penetration Test, No Charge
Back in early July some strange traffic was setting off Suricata alerts. The target was my WordPress website. The website is for the benefit of a non-profit and because of ISP restrictions,…
These Are the Pros and Cons of …
… Clear Text Authentication Back in June I got a Suricata alert saying a local computer was authenticating using clear text. That computer was my son’s Nintendo Wii. Security Onion is an…