Botnets - The killer web applications

www.syngress.com
Ourmon: Overview and Installation • Chapter 6


Solutions Fast Track

Case Studies: Things That Go Bump in the Night

Ourmon uses graphics based on Tobias Oetiker's popular RRDtool system (http://oss.oetiker.ch/rrdtool).
The pkts filter shows how many packets per second (pps) the ourmon system is processing.
You need to observe your ourmon graphs and data daily and over time build up some idea of what is normal. Then you will be able to spot anomalies.
The pkts filter can be used to see DoS and DDoS attacks.
The worm graph filter can be used to see large parallel scans.
The hourly IRC report can be used to look for anomalous IRC channels and may indicate botnet activity.
The RRDtool IRC message count graph can show an on-campus botnet server.

How Ourmon Works

Ourmon architecturally has two main components, a probe (sniffer) used for packet capture and a back-end graphics engine that makes Web pages.
The ourmon system has three important cycle times. The probe produces outputs every 30 seconds. The back-end software produces base-lined data including hourly and daily ASCII reports. RRDtool graphs include daily, weekly, monthly, and yearly graphs.
Ourmon dynamically creates Web pages and logs. The logs may be used for extracting more details about a particular case and are also used internally by ourmon to produce hourly summarizations.


Installation of Ourmon

The supplied tool configure.pl is used for installing ourmon.
Ourmon has various dependencies (software not supplied by us) including a Web server, the RRDtool library, the libpcap library, and the PCRE library. These should be installed before ourmon is configured.
The ourmon.sh script is used to start the probe.
The back-end graphics software is run from the root crontab once a minute.
If you have installation problems refer to the INSTALL file.
It is a very good practice to dedicate a small subnet as a darknet. This can be very helpful in detecting scanning hosts.
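A small defender-side illustration of two points in this Fast Track, the "learn what is normal, then spot anomalies" advice for the pps graph and the darknet idea for finding scanning hosts. It is an added example written for this page, not code from the book or the ourmon project; the sample records, the 30-second pps values, the darknet addresses and the thresholds are all constructed assumptions rather than ourmon's real file formats.

```python
# Added example (not from the book or the ourmon project): a minimal
# baseline-then-anomaly check over constructed 30-second probe summaries,
# plus a distinct-target count over constructed darknet hits.
# The record layouts are invented for this example; ourmon's own output
# files are not reproduced here.
from statistics import median

# Constructed sample: (interval_index, packets_per_second), one value per
# 30-second probe output. Interval 8 holds a flood-sized jump.
SAMPLE_PPS = list(enumerate(
    [8100, 7950, 8300, 8050, 8200, 7900, 8150, 8000, 46000, 8100, 8250, 7980]))

def pps_baseline(samples):
    """Robust baseline of pps: median and median absolute deviation (MAD)."""
    values = [v for _, v in samples]
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid a zero scale
    return med, mad

def flag_pps_anomalies(samples, k=6.0):
    """Interval indices whose pps sit more than k MADs above the baseline.
    A jump of this size is what the pkts filter shows during a DoS/DDoS;
    one flagged interval is a lead for reading the logs, not a verdict."""
    med, mad = pps_baseline(samples)
    return [i for i, v in samples if (v - med) / mad > k]

# Constructed darknet hits: (source_ip, darknet_destination_ip). Nothing
# legitimate lives in the darknet, so the breadth of distinct destinations
# a single source touches is the scanner signal.
DARKNET_HITS = [("10.1.2.3", "192.0.2.%d" % n) for n in range(1, 41)]
DARKNET_HITS += [("10.1.9.9", "192.0.2.7"), ("10.1.9.9", "192.0.2.7"),
                 ("10.1.5.5", "192.0.2.100")]

def darknet_scanners(hits, min_targets=10):
    """Sources that touched at least min_targets distinct darknet addresses."""
    targets = {}
    for src, dst in hits:
        targets.setdefault(src, set()).add(dst)
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)

if __name__ == "__main__":
    print("pps anomalies at intervals:", flag_pps_anomalies(SAMPLE_PPS))
    print("darknet scanners:", darknet_scanners(DARKNET_HITS))
```

With a real deployment the baseline would be built from days of probe output, as the Fast Track advises, rather than from a dozen constructed intervals.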
