Botnets - The killer web applications
Chapter 6 • Ourmon: Overview and Installation

Q: Should my probe system have only one Ethernet interface or should it have two, one for sniffing, and one for remote access?

A: It is far better and more secure to have two interfaces. The sniffing interface, at least on BSD, can be configured to have no IP address (or you can use a private non-routable IP address like 10.0.0.1). This makes it difficult for attackers to feed fake packets directly to the monitor box, thus tying up its CPU. Two interfaces also mean that the control interface can be protected in various ways, possibly using switched VLANs so that it cannot be addressed by external hosts. If you can use two interfaces on the probe, by all means do so.
Q: I run the ourmon probe and nothing happens. Any advice?

A: Try running the startup script by hand. Also, look in the system log directory or on the console for error messages. Often the system log is /var/log/messages. One common error is getting the interface the probe wants to use wrong. For example, on Linux you might tell configure.pl that the probe interface is eth0 when it should have been eth1. Looking at /var/log/messages or using the dmesg command can help you figure out which physical interface goes with which interface name. The netstat command can also be used to see if an interface is up or if packets are being sent or received.
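The two answers above boil down to two checks a probe operator should make before blaming ourmon: the interface named in configure.pl actually exists and is up, and the sniffing interface carries no IP address while the control interface does. The following script is an added example, not from the book or the ourmon project; it assumes a Linux host with iproute2 and parses constructed sample output in the shape of `ip -o link` and `ip -o -4 addr` (the book names eth0/eth1 but shows no command output).

```shell
#!/bin/sh
# Constructed sample output (assumed format of Linux `ip -o link` / `ip -o -4 addr`).
# eth1 is the sniffing interface: up, promiscuous, and deliberately without an IP.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# iface_state NAME LINKS: prints "missing", "down" or "up" for an interface name.
iface_state() {
  line=$(printf '%s\n' "$2" | grep -E "^[0-9]+: $1: " || true)
  [ -z "$line" ] && { echo missing; return; }
  case "$line" in
    *'<UP,'*|*',UP,'*|*',UP>'*|*'<UP>'*) echo up ;;
    *) echo down ;;
  esac
}

# iface_has_ipv4 NAME ADDRS: prints "yes" if the interface carries an IPv4 address.
iface_has_ipv4() {
  if printf '%s\n' "$2" | grep -qE "^[0-9]+: $1 +inet "; then echo yes; else echo no; fi
}

# probe_iface_check SNIFF CONTROL LINKS ADDRS: returns 0 only when the sniffing
# interface exists, is up and has no IP, and the control interface is up with an IP.
probe_iface_check() {
  ok=0
  s=$(iface_state "$1" "$3");  sip=$(iface_has_ipv4 "$1" "$4")
  c=$(iface_state "$2" "$3");  cip=$(iface_has_ipv4 "$2" "$4")
  [ "$1" = "$2" ] && { echo "sniff and control are the same interface"; ok=1; }
  [ "$s" = up ]   || { echo "sniff interface $1 is $s (check dmesg and configure.pl)"; ok=1; }
  [ "$sip" = no ] || { echo "sniff interface $1 has an IP address; it should have none"; ok=1; }
  [ "$c" = up ]   || { echo "control interface $2 is $c"; ok=1; }
  [ "$cip" = yes ] || { echo "control interface $2 has no IP address"; ok=1; }
  return $ok
}

# Run against the constructed sample; on a live host use:
#   probe_iface_check eth1 eth0 "$(ip -o link)" "$(ip -o -4 addr)"
probe_iface_check eth1 eth0 "$SAMPLE_LINKS" "$SAMPLE_ADDRS" && echo "probe interfaces look sane"
```

A non-zero exit means the probe would either sniff the wrong interface or expose the sniffing side to direct packets, the two failure modes the answers above describe.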
Q: Do I have to worry about the ourmon logging system? Will it fill up and devour all known disk space eventually?

A: Probably not. After one week, it will more or less occupy a fixed amount of space. RRDtool rrd databases do not grow after they are initially created. The log directory files do get rolled over from day to day, but typically one day is about the same size as the next day, thus the overall amount of used disk space does not change.