Botnets - The killer web applications

Advanced Ourmon Techniques • Chapter 9, page 335 (www.syngress.com)


Separate the Front End and Back End with Two Different Computers
Ourmon's configure.pl application (which we discussed in Chapter 6) separates the installation of the front-end probe from the back-end processing software, so you can install the front end on one computer and the back end on a different computer. By definition they then do not compete for one machine. You must then arrange for the front end's output files to be transferred to the back-end computer over TCP (for reliability). We typically run a small Web server on the probe and use the well-known wget application to copy the files. You could also use Secure Shell (www.openssh.org) in batch mode with a key that has no passphrase; if you do, restrict that key in the probe's authorized_keys file with the from= and command= options, so that a compromised back end can do nothing on the probe beyond the file copy. Our wget approach can be found in the back-end script /home/mrourmon/bin/omupdate.sh and simply needs to be commented in with a suitable IP address for the probe. It is a good idea to use an access control list (a host firewall rule) on the probe to make sure that only the back-end host can reach the Web server to get the files. (It is also a good idea to make sure that no external host can talk to the probe at all.)
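The following script shows how the wget pull and the probe-side access control list fit together. It is an added example written for this discussion, not ourmon's own omupdate.sh: the probe URL and port 8080, pf as the probe's host firewall, the scratch-then-rename install step and the file names in the comments are all assumptions, and the pf rules are meant to be pasted into the probe's pf.conf where $ext_if is already defined.

```shell
#!/bin/sh
# Added example, not ourmon's omupdate.sh.  Assumptions (hypothetical):
#  - the probe serves its output directory at http://PROBE_IP:8080/
#  - the back end reads files from a single directory (DEST below)
#  - the probe filters with pf and defines $ext_if in pf.conf

# Download each named file from the probe into a scratch directory.
# wget exits non-zero on any failure, so a missing or truncated file is
# never installed; --timeout and --tries keep a dead probe from hanging us.
fetch_probe_files() {
    probe_url=$1; scratch=$2; shift 2
    for f in "$@"; do
        wget -q --timeout=30 --tries=3 -O "$scratch/$f" "$probe_url/$f" || return 1
    done
}

# Move fetched files into the directory the back-end scripts read.
# A rename inside one filesystem is atomic, so a Perl run never sees a
# half-written file.  Empty files are refused: to the back end an empty
# output file would look like "no traffic", which silently hides an attack.
install_files() {
    scratch=$1; dest=$2
    for path in "$scratch"/*; do
        [ -e "$path" ] || continue
        [ -s "$path" ] || { echo "refusing empty file $path" >&2; return 1; }
        mv -f "$path" "$dest/$(basename "$path")" || return 1
    done
}

# Print pf rules for the probe: drop everything inbound, then allow only
# the back-end host to reach the probe's Web server.  Add your own rule
# for management access before applying this, or you lock yourself out.
probe_acl_rules() {
    backend_ip=$1; port=${2:-8080}
    cat <<EOF
block in on \$ext_if all
pass in on \$ext_if proto tcp from $backend_ip to (\$ext_if) port $port
EOF
}

# Usage:
#   omfetch.sh fetch http://192.0.2.10:8080 /home/mrourmon/web file1 file2 ...
#   omfetch.sh acl 192.0.2.20 8080 >> /etc/pf.conf
case "${1-}" in
  fetch)
    url=$2; dest=$3; shift 3
    scratch=$(mktemp -d) || exit 1
    trap 'rm -rf "$scratch"' EXIT
    fetch_probe_files "$url" "$scratch" "$@" && install_files "$scratch" "$dest"
    ;;
  acl)
    probe_acl_rules "$2" "${3:-8080}"
    ;;
esac
```

Run it from cron on the back end at the same interval the probe writes its output; because the pull goes probe-to-back-end over a port the probe only opens to one address, the probe itself never needs a credential for the back end.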
Buy a Dual-Core, Dual-CPU Motherboard
If you buy a dual-CPU board where each CPU is itself dual-core, SMP operating systems will see four CPUs. This way you can run all of ourmon on one system, both front end and back end. One hardware thread is for the NIC reading packets; one is for the probe application. A third thread will be used by Perl, which runs most of the back-end code. This leaves you one logical CPU, possibly for running a program like ngrep, ircfr, or Snort. In the future we hope to have a threaded ourmon probe; four logical CPUs will be needed for such software.
Make the Kernel Ring Buffer Bigger
We have found in our lab that a large kernel buffer size will sometimes help reduce the number of dropped packets. This doesn't always work, but it has worked often enough that if you have drops, this is the first thing to try. If it doesn't work, maybe you need new hardware. First find the shell script that is used for starting ourmon and then modify the kernel buffer size parameters