- tuned is a profile-based system tuning tool that uses the udev device manager to monitor connected devices, and enables both static and dynamic tuning of system settings. Packages in Debian are 'tuned' and 'tuned-utils'.
- Using netstat and dropwatch to observe packet loss on Linux servers - uses the 'dropwatch' package (needs kernel symbols).
- Track a packet as it goes through the kernel (linux)
Monday, January 20. 2020
Linux Performance
Linux Open Ports
Courtesy of 3 quick ways to reduce your attack surface on Linux, a command to list the listening TCP and UDP sockets and the process that owns each. Note that ss only reports the owning process for sockets that belong to your own user unless you run it as root, which is why several entries below have no users:(...) column:
$ ss -tulnp --no-header | awk '{print($1, $5, $7)}'
udp 0.0.0.0:32770 users:(("vlc",pid=2786557,fd=39))
udp 0.0.0.0:32771 users:(("vlc",pid=2786557,fd=40))
udp 127.0.0.1:123
udp 0.0.0.0:123
udp 0.0.0.0:631
udp 0.0.0.0:37019
udp 0.0.0.0:5353
udp 0.0.0.0:39276 users:(("vlc",pid=2786557,fd=50))
udp 0.0.0.0:39277 users:(("vlc",pid=2786557,fd=51))
tcp 0.0.0.0:61209
tcp 127.0.0.1:25
tcp 127.0.0.1:5433
tcp 0.0.0.0:8794
tcp 127.0.0.1:3493
tcp 127.0.0.1:5101 users:(("ssh",pid=899751,fd=4))
tcp 127.0.0.1:5102 users:(("ssh",pid=2187130,fd=4))
tcp 127.0.0.1:5201 users:(("ssh",pid=2186389,fd=5))
tcp 127.0.0.1:5202 users:(("ssh",pid=2186389,fd=7))
tcp 0.0.0.0:22
tcp 127.0.0.1:631
tcp 127.0.0.1:5432
...
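The listing above mixes sockets that only local processes can reach (bound to 127.0.0.1 or [::1]) with ones bound to a wildcard or routable address, and it is the second group that matters for attack surface. As an added example (not code from the linked article or from this blog), the following POSIX shell script filters `ss -tulnp --no-header` rows into exposed and loopback-only listeners. The sample rows are constructed to match the ss column layout; the process names, PIDs and ports in them are made up.

```shell
#!/bin/sh
# Added example: split `ss -tulnp --no-header` output into sockets that are
# reachable from the network (wildcard or routable bind address) and sockets
# bound to loopback only. Column layout of the ss rows:
#   Netid State Recv-Q Send-Q Local:Port Peer:Port [Process]

# Constructed sample rows (not real hosts; names, PIDs and ports are made up).
SAMPLE='udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=812,fd=12))
udp UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1001,fd=3))
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=1200,fd=5))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1001,fd=4))
tcp LISTEN 0 511 *:8794 *:*'

# classify exposed|local: read ss rows on stdin and print
# "netid local-address:port process" for the requested group.
# A missing process column is printed as "?" (ss hides other users'
# processes unless you run it as root).
classify() {
    awk -v want="$1" '
    {
        addr = $5
        sub(/:[^:]*$/, "", addr)                      # strip the trailing :port
        isLocal = (addr ~ /^127\./ || addr == "[::1]")
        if ((want == "local") == isLocal)
            print $1, $5, ($7 == "" ? "?" : $7)
    }'
}

exposed_listeners() { classify exposed; }   # 0.0.0.0, [::], *, or a real IP
local_listeners()   { classify local; }     # 127.x.x.x or [::1] only

# Number of exposed listeners on stdin; useful as a "should be N" check.
count_exposed() {
    exposed_listeners | wc -l | tr -d ' '
}

# Run against the live socket table (run as root to get every process name).
live_report() {
    ss -tulnp --no-header | exposed_listeners
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Pipe `ss -tulnp --no-header` through `exposed_listeners` (or call `live_report`) on a real host; anything it prints that is not deliberately a network service is a candidate for binding to loopback, firewalling, or removal.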
Network Monitoring and Protection
- Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. (Zeek is the new name for the long-established Bro system.) While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. See also: Threat Hunting with Bro IDS.
- BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2443 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs.
- Stratosphere IPS for Linux is an intrusion prevention system that is based on behavioral detections and machine learning algorithms. Makes use of Zeek.
- Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management
- SecTools.Org: Top 125 Network Security Tools - several years old for the newest releases (2016 looks like the most recent update). Doesn't include tools like Suricata.
- Argus is the first network flow system, developed by Carter Bullard in the early 1980s at Georgia Tech and adopted for cyber security at Carnegie Mellon's Software Engineering Institute in the late 1980s. Network flow technology has become a critical part of modern cyber security and Argus is being used in some of the most important networks in the world. - Last code release around 2016 though. security links.
Papers:
- Botnet Detection and Prevention in Software Defined Networks (SDN) using DNS Protocol, in (IJCSIS) International Journal of Computer Science and Information Security, Vol. 17, No. 5, May 2019
SDR - Software Defined Radio
- OpenWebRX - for listening to on-line SDRs using a web browser. It is a web-based server and interface for remotely accessing RTL-SDR and SDRplay receivers. Another link: Open Source SDR Web App for Everyone
- NYC Mesh - community-owned network for fast, affordable and fair access to the Internet - Most of the devices we use, such as a LiteBeam or NanoStation, are self-contained so they have an antenna, radio and ethernet router all in one.