IPLOG-BSides-DE-2014
IPLOG?
A beginner's IDS for the WIN!
IPLOG provides the beginner sysadmin with actionable network intelligence, without the complexities of more advanced IDS solutions.
Actionable & Timely Intel.
The sole purpose of IDS.
● Open Source Solutions
– Suricata
– TcpDump / Wireshark
– SNORT
– IPLOG
The Problems
● Suricata.
– It exists; that's all I know about it.
– If you know more about it, be ready for the Q & A!
– Next point. :-)
● TcpDump / Wireshark.
– Skills
● Can you read a pcap like a book?
● Can you dissect TCP/IP in your head?
● We are at a BSides, maybe some of you can.
– Speed
● Can you do all the above at 10 MB/s?
● Actionable? Yes. Timely? No.
The Problems Contd
SNORT Complexity
● IDS - SNORT has LOTS of options.
● Rule Management.
– Which set or sets?
● Community.
● ET.
● VRT.
● Custom.
– Which update solution?
● Oinkmaster.
● Pulled Pork.
The Problems Contd
SNORT Complexity Contd
● Logs - Here comes LOTS of DATA!
– Which DB?
● MySQL.
● PostgreSQL.
– SNORT -> DB interface? - Barnyard2
● A Web APP
– Web Server Deployment.
– Web App Deployment.
– Some Web Apps.
● BASE
● Snorby
● Sguil
The Problems Contd
SNORT Contd
● Skills
– Learn everything just mentioned.
– Tune your rule sets to eliminate the noise.
● Speed.
– Actionable? Yes.
– Timely? Yes.
● After your rule set is tuned.
● After you get current on the logs. :-)
A solution, IPLOG.
What is IPLOG?
● Open Source Software.
● Written by Ryan McCabe in 2000.
● http://ojnk.sourceforge.net
● Simple, but not tcpdump.
IPLOG
What does it do?
● Connection Logging
● Scan Detection
– TCP Port Scans.
– TCP SYN Scans.
– TCP null Scans.
– FIN Scans.
– TCP "Xmas" Scans.
– UDP Scans.
● Attack Detection
– ICMP ping floods.
– UDP and ICMP "smurf" attacks.
– IP fragment attacks.
– Bogus TCP flags.
● NMAP Scan evasion. (Experimental)
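To make the scan-detection list above concrete, here is an added example (not IPLOG's own code) that classifies TCP flag combinations the way the slide names them (null, FIN, Xmas, bogus flags) and counts distinct destination ports per source to flag a port scan. The flag rules, the threshold/window values, the `ScanTracker` class and the constructed packet list are all assumptions made for this illustration.

```python
"""Toy detector for the TCP-flag anomalies and port scans IPLOG reports.
Added example, not IPLOG's code: the flag rules and the threshold/window
values are assumptions chosen for illustration."""
from collections import defaultdict

# TCP flag bits (low bits of the flags byte, RFC 793 order).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_flags(flags: int) -> str:
    """Name the scan type a TCP flag combination suggests, or 'normal'."""
    if flags == 0:
        return "null"                      # no flags at all: null scan
    if flags == FIN:
        return "fin"                       # lone FIN: FIN scan
    if flags == FIN | PSH | URG:
        return "xmas"                      # FIN+PSH+URG "lit up": Xmas scan
    # SYN never legitimately travels with FIN or RST, nor RST with FIN.
    if (flags & SYN and flags & (FIN | RST)) or (flags & RST and flags & FIN):
        return "bogus"
    return "normal"


class ScanTracker:
    """Flag a source that touches `threshold` distinct ports within `window` seconds.

    Each source is reported once (assumption: alert on entering scan mode,
    not on every packet of the same scan)."""

    def __init__(self, threshold: int = 10, window: float = 30.0):
        self.threshold = threshold
        self.window = window
        self.hits = defaultdict(list)      # src -> [(timestamp, dport), ...]
        self.alerted = set()

    def observe(self, ts: float, src: str, dport: int) -> bool:
        # keep only probes inside the sliding window, then add this one
        recent = [(t, p) for t, p in self.hits[src] if ts - t <= self.window]
        recent.append((ts, dport))
        self.hits[src] = recent
        if src in self.alerted:
            return False
        if len({p for _, p in recent}) >= self.threshold:
            self.alerted.add(src)
            return True
        return False


# Constructed packet headers: (timestamp, source IP, destination port, flags).
SAMPLE_PACKETS = [
    (0.0, "203.0.113.5", 80, SYN),              # ordinary connection attempt
    (0.5, "203.0.113.5", 80, ACK),
    (1.0, "198.51.100.7", 22, 0),               # five null-scan probes in a second
    (1.1, "198.51.100.7", 23, 0),
    (1.2, "198.51.100.7", 25, 0),
    (1.3, "198.51.100.7", 80, 0),
    (1.4, "198.51.100.7", 443, 0),
    (2.0, "192.0.2.9", 3306, SYN | FIN),        # impossible flag combination
    (3.0, "192.0.2.9", 3306, FIN | PSH | URG),  # Xmas probe
]


def run(packets, threshold: int = 5, window: float = 10.0) -> list:
    """Return the alert lines an IPLOG-style logger would emit for `packets`."""
    tracker = ScanTracker(threshold, window)
    alerts = []
    for ts, src, dport, flags in packets:
        kind = classify_flags(flags)
        if kind != "normal":
            alerts.append(f"{kind} flags from {src} (dest port {dport})")
        if tracker.observe(ts, src, dport):
            alerts.append(f"port scan from {src}: {threshold}+ distinct ports in {window}s")
    return alerts


if __name__ == "__main__":
    for line in run(SAMPLE_PACKETS):
        print(line)
```

The sliding window is what keeps a slow, legitimate client from being reported: the same five ports spread over a day would never reach the threshold, which is also why real tools expose both the count and the window as tunables.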
IPLOG
Logging
● Syslog or text file
● Log Sample
Jan 1 00:26:25 TCP: Bogus TCP flags set by 157.55.33.14:28256 (dest port 80)
Jan 1 02:24:03 UDP: scan/flood detected [port 500] from 124.126.133.120 [port 500]
Jan 1 02:24:10 ICMP: 194.187.150.110 time exceeded (udp: dest port 32887, source port 51413)
Jan 1 02:24:44 ICMP: 196.200.48.10 time exceeded (tcp: dest port 63473, source port 47785)
Jan 1 02:24:45 ICMP: 196.200.48.10 time exceeded (tcp: dest port 63473, source port 44733)
Jan 1 02:25:09 UDP: scan/flood mode expired for 124.126.133.120 - received a total of 36 packets (14616 bytes).
Jan 1 02:26:18 ICMP: echo from 129.82.138.44 (12 bytes)
Jan 1 02:26:26 ICMP: 194.187.150.110 time exceeded (udp: dest port 51731, source port 51413)
Jan 1 02:29:15 last message repeated 1 times
Jan 1 02:29:15 TCP: ms-sql-s connection attempt from 115.239.226.51:6000
Jan 1 02:30:26 UDP: dgram to isakmp from 124.126.133.120:500 (412 data bytes)
Jan 1 02:30:26 UDP: dgram to isakmp from 124.126.133.120:500 (384 data bytes)
IPLOG
Misc.
● Can filter out noise.
– Config Example.
# gtld Name Servers
ignore udp from 192.5.6.30 sport 53
ignore udp from 192.12.94.30 sport 53
ignore udp from 192.26.92.30 sport 53
ignore udp from 192.31.80.30 sport 53
ignore udp from 192.33.14.30 sport 53
ignore udp from 192.35.51.30 sport 53
● A newer version of IPLOG (2.2.5).
http://www.cmpublishers.com/oss
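The log sample on the Logging slide and the "ignore" config on this slide go together: the first is what you read, the second is how you keep it readable. The following added example (my code, not IPLOG's) parses log lines of the shapes shown on the slide into structured events, folds syslog's "last message repeated N times" into the preceding event, reads ignore rules in the `ignore <proto> from <ip> sport <port>` form shown, and summarises what survives per source. Assumptions: only that rule form is handled (IPLOG's real config accepts more), the sample log is trimmed from the slide, and the final DNS-reply line (from 192.5.6.30:53) is constructed so that a rule actually fires.

```python
"""Parse IPLOG syslog lines into events and apply 'ignore' rules to drop noise.
Added example, not IPLOG's code; only the rule form shown on the slide is handled."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<body>.*)$")
HEAD_RE = re.compile(r"^(?P<proto>TCP|UDP|ICMP): (?P<msg>.*)$")
REPEAT_RE = re.compile(r"^last message repeated (\d+) times$")
RULE_RE = re.compile(rf"^ignore (tcp|udp|icmp) from {IP}(?: sport (\d+))?$")
# Tried in order; group 1 is the source IP, group 2 (if present) the source port.
SRC_PATTERNS = [
    re.compile(rf"(?:from|by) {IP}:(\d+)"),      # "from 1.2.3.4:500", "by 1.2.3.4:28256"
    re.compile(rf"from {IP} \[port (\d+)\]"),     # "from 1.2.3.4 [port 500]"
    re.compile(rf"(?:from|for) {IP}\b"),          # "echo from 1.2.3.4", "expired for 1.2.3.4"
    re.compile(rf"^{IP} "),                       # "ICMP: 1.2.3.4 time exceeded ..."
]

@dataclass
class Event:
    ts: str
    proto: str
    src: Optional[str]
    sport: Optional[int]
    msg: str
    count: int = 1          # raised by "last message repeated N times"

def parse_log(lines):
    """Turn raw IPLOG lines into Events; repeat notices bump the previous event's count."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                # blank or non-IPLOG line
        rep = REPEAT_RE.match(m["body"])
        if rep and events:
            events[-1].count += int(rep.group(1))
            continue
        head = HEAD_RE.match(m["body"])
        if not head:
            continue
        msg = head["msg"]
        src = sport = None
        for pat in SRC_PATTERNS:
            hit = pat.search(msg)
            if hit:
                src = hit.group(1)
                sport = int(hit.group(2)) if hit.lastindex >= 2 else None
                break
        events.append(Event(m["ts"], head["proto"], src, sport, msg))
    return events

def parse_ignore_rules(text):
    """Read 'ignore udp from 192.5.6.30 sport 53' lines; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule form: {raw!r}")
        rules.append((m.group(1).upper(), m.group(2), int(m.group(3)) if m.group(3) else None))
    return rules

def is_ignored(ev, rules):
    # protocol and source IP must match; source port only if the rule names one
    return any(ev.proto == proto and ev.src == ip and (sport is None or ev.sport == sport)
               for proto, ip, sport in rules)

def summarize(lines, rules):
    """Return (kept events, Counter of (src, proto) -> hit count) after noise filtering."""
    kept = [ev for ev in parse_log(lines) if not is_ignored(ev, rules)]
    by_src = Counter()
    for ev in kept:
        by_src[(ev.src, ev.proto)] += ev.count
    return kept, by_src

# Trimmed from the slide's log sample; the last line is constructed to hit an ignore rule.
SAMPLE_LOG = """\
Jan 1 00:26:25 TCP: Bogus TCP flags set by 157.55.33.14:28256 (dest port 80)
Jan 1 02:24:03 UDP: scan/flood detected [port 500] from 124.126.133.120 [port 500]
Jan 1 02:24:10 ICMP: 194.187.150.110 time exceeded (udp: dest port 32887, source port 51413)
Jan 1 02:25:09 UDP: scan/flood mode expired for 124.126.133.120 - received a total of 36 packets (14616 bytes).
Jan 1 02:26:18 ICMP: echo from 129.82.138.44 (12 bytes)
Jan 1 02:29:15 last message repeated 1 times
Jan 1 02:29:15 TCP: ms-sql-s connection attempt from 115.239.226.51:6000
Jan 1 02:30:26 UDP: dgram to isakmp from 124.126.133.120:500 (412 data bytes)
Jan 1 02:30:26 UDP: dgram to isakmp from 124.126.133.120:500 (384 data bytes)
Jan 1 02:31:00 UDP: dgram to 40123 from 192.5.6.30:53 (120 data bytes)
"""

SAMPLE_RULES = """\
# gtld Name Servers
ignore udp from 192.5.6.30 sport 53
ignore udp from 192.12.94.30 sport 53
ignore udp from 192.26.92.30 sport 53
ignore udp from 192.31.80.30 sport 53
ignore udp from 192.33.14.30 sport 53
ignore udp from 192.35.51.30 sport 53
"""
```

Usage: `summarize(SAMPLE_LOG.splitlines(), parse_ignore_rules(SAMPLE_RULES))` returns the eight surviving events and a counter in which 124.126.133.120 tops the UDP column with four hits. The parser refuses an unrecognised rule line rather than silently skipping it, which is the behaviour you want from anything that decides what not to look at.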
Contact Information.
● Email: nathan@cmpublishers.com
● Twitter: @Christ_Media
● LinkedIn: linkedin.com/in/nategibbs
● SlideShare: slideshare.net/NathanGibbs3
Thank You!
● Jesus Christ.
● BSides DE.
● Ryan McCabe.
Q & A
