R-fx Networks

Tag: ips

(ATF) Aggregate Threat Feed

by on May.02, 2010, under Development

For my first post back into things in a while (a long while), I thought I would introduce everyone to the sexiness that I've called the Aggregate Threat Feed, or ATF for short. This feed is derived from threat data at work, namely our network edge IPS (a custom Snort implementation; another post on that later) […]

2 Comments

Linux Malware Detection

by on Oct.19, 2009, under Development

[ UPDATE: Linux Malware Detect has been released ] For the last few weeks I have been working on a new project for malware detection on Linux web servers. It is already at a pre-release version in use at work, and it has shown phenomenal promise. Right to it, some background… On a daily basis the […]

11 Comments

Snorting the Web Farm

by on Jun.10, 2009, under Development, HowTo

Here are some rules for you Snort freaks to chew on that I have found useful in web-heavy environments.

alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE x2300 phpshell detected"; content:"Locus7Shell"; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;)

alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE RFI Scanner detected"; content:"RFI Scanner"; classtype:web-application-activity; […]

1 Comment
