Monthly Archives: May 2007

Sqlmanager scans

I have three honeypots looking for web attacks/scans and lately all three of them detected scans looking for sqlmanager (mysqlmanager). It is the first time I see them looking for it and I couldn’t find any reference to new vulnerabilities …

Posted in log analysis

Log analysis using Snort?

On the Snort mailing list there was a thread about detecting authentication failures (on ssh, apache, ftp, etc) using Snort. I love Snort, but using a NIDS (Network-Based IDS) for this kind of stuff is trying to use the right …

Posted in log analysis, ossec

OSSEC on AusCERT 2007

If anyone is noticing that I am too quiet lately, it is because of looong hours in the plane (first Canada to Poland, now Canada to Australia). Anyway, this week I will be representing OSSEC at AusCERT 2007 and my …

Posted in ossec

OSSEC v1.2 available

We are pleased to announce the availability of OSSEC version 1.2. This new version comes with lots of new features, including: Support for OpenBSD PF logs. Support for compiled (C-based) decoders. New options for composite rules: “srcport”, “dstport”, “same_src_port”, “same_dst_port” …

Posted in ossec

OSSEC at CONFIDENCE 2007

OSSEC will be represented at CONFIDENCE 2007, where I will be speaking about log analysis using OSSEC. If you live in Poland (or nearby) and want to learn a little more about OSSEC, make sure to attend. Some great …

Posted in CONF2007, log analysis, ossec

OSSEC Logo chosen!

Our logo/mascot contest has just finished and we have a winner (and a brand new logo)! The winner is Andres Armeda from Applied Watch with the following design: We also want to thank all the other designs that were sent …

Posted in contest, ossec

OSSEC v1.2 BETA1 available

OSSEC v1.2 is soon to be released and we need some help beta testing it. As I always say, trying out our beta releases is a simpler and very effective way of helping the project. Where can you download it? …

Posted in ossec | 1 Comment

Granular e-mail alerting

One of the most popular feature requests for ossec that I received lately was the availability of granular e-mail alerting options. Well, if you have been waiting for it, it is now available to be used… Just try our first …

Posted in ossec | 3 Comments

Daily/Chained checksum of ossec alerts

OSSEC v1.2 will come with support for daily/chained checksums enabled by default. Basically, what it means is that at the end of each day, ossec will generate the md5/sha1 sum of the current logs plus the md5/sha1 sum of the …

Posted in log signing, ossec | 1 Comment