>> OpenBSD has always rocked for providing very current versions of
>> snort. barnyard2 compiles cleanly on obsd.
>
> The funny thing is that I have a book on Snort on my reading list. Time
> to read it. I'll checkout barnyard2 as well

There is a learning curve for sure. It's not something that most can
set up in a day or longer (I certainly didn't). It does give you a
view from Layer 7 down which is really what is needed anymore.

Just to clarify, barnyard2 handles the unified2 output from snort.
Compile it and check out the barnyard2.conf it generates and it will
lead you to various utilities. You really don't need it right away
when you're getting started.

A lot of these things require the patience to tune them or they will
drive ya nuts with alerts ;)

Just off the top of my head a few links:
www.team-cymru.org
https://www.dshield.org
http://emergingthreats.net/
https://www.grc.com/dns/dns.htm

Working on cleaning up DNS via unbound/dnscrypt-proxy can help too.

> If anyone reading this knows where I can read up on (those specific)
> exploits, please let me know, perhaps I can figure out where my
> vulnerability is/was if I know more about how they work.

I stumbled upon malheur a while back. No idea what to do with it, but
it compiles easily on obsd. Since you found the malware files it might
help.

http://www.mlsec.org/malheur/
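
The reply above mentions that barnyard2 consumes snort's unified2 spool
files. As an added illustration (not code from the thread, from snort,
or from barnyard2), here is a small reader for that binary format, so
you can see what a spool actually contains before handing it to
barnyard2. It assumes the record layout from snort's unified2
documentation: an 8-byte header (type, length, network byte order),
with type 7 being a legacy IPv4 IDS event of 52 bytes and type 2 being
a packet record with a 28-byte fixed part. The sample spool bytes are
constructed in the script itself, including a deliberately truncated
trailing record, since snort may still be writing the file when a
reader tails it; the reader stops at the partial record and reports
how many bytes it safely consumed.

```python
import socket
import struct
from typing import Dict, List, Tuple

# Record header: uint32 type, uint32 length (body bytes), network byte order
HEADER = struct.Struct(">II")
UNIFIED2_PACKET = 2      # Serial_Unified2Packet
UNIFIED2_IDS_EVENT = 7   # Serial_Unified2IDSEvent_legacy (IPv4)

# Legacy IDS event: sensor_id, event_id, event_second, event_microsecond,
# signature_id, generator_id, signature_revision, classification_id,
# priority_id, ip_source, ip_destination (all uint32), sport_itype,
# dport_icode (uint16), protocol, impact_flag, impact, blocked (uint8)
IDS_EVENT = struct.Struct(">11I2H4B")   # 52 bytes
# Packet record fixed part: sensor_id, event_id, event_second, packet_second,
# packet_microsecond, linktype, packet_length; then packet_length data bytes
PACKET = struct.Struct(">7I")           # 28 bytes


def _ipv4(word: int) -> str:
    return socket.inet_ntoa(struct.pack(">I", word))


def parse_ids_event(body: bytes) -> Dict:
    f = IDS_EVENT.unpack_from(body)
    return {
        "type": UNIFIED2_IDS_EVENT,
        "sensor_id": f[0], "event_id": f[1],
        "event_second": f[2], "event_microsecond": f[3],
        "signature_id": f[4], "generator_id": f[5], "signature_revision": f[6],
        "classification_id": f[7], "priority_id": f[8],
        "src": _ipv4(f[9]), "dst": _ipv4(f[10]),
        "sport": f[11], "dport": f[12],
        "protocol": f[13], "impact_flag": f[14], "impact": f[15], "blocked": f[16],
    }


def parse_packet(body: bytes) -> Dict:
    f = PACKET.unpack_from(body)
    data = body[PACKET.size:PACKET.size + f[6]]
    return {
        "type": UNIFIED2_PACKET,
        "sensor_id": f[0], "event_id": f[1], "event_second": f[2],
        "packet_second": f[3], "packet_microsecond": f[4],
        "linktype": f[5], "packet_length": f[6], "packet_data": data,
    }


def read_records(blob: bytes) -> Tuple[List[Dict], int]:
    """Decode whole records from a spool; return (records, bytes_consumed).

    A trailing partial record is left unread so a tailing reader can resume
    from bytes_consumed once snort has finished writing it."""
    records: List[Dict] = []
    off = 0
    while off + HEADER.size <= len(blob):
        rtype, rlen = HEADER.unpack_from(blob, off)
        body = blob[off + HEADER.size: off + HEADER.size + rlen]
        if len(body) < rlen:
            break  # partial record: stop here, do not guess at its contents
        if rtype == UNIFIED2_IDS_EVENT and rlen >= IDS_EVENT.size:
            records.append(parse_ids_event(body))
        elif rtype == UNIFIED2_PACKET and rlen >= PACKET.size:
            records.append(parse_packet(body))
        else:
            records.append({"type": rtype, "raw": body})  # unknown type: keep bytes
        off += HEADER.size + rlen
    return records, off


# --- constructed sample spool (not real sensor output) ---------------------
def build_sample_event() -> bytes:
    body = IDS_EVENT.pack(
        1, 42, 1700000000, 123456,          # sensor, event id, timestamp
        1000001, 1, 1, 3, 2,                # sid, gid, rev, class, priority
        struct.unpack(">I", socket.inet_aton("192.0.2.10"))[0],
        struct.unpack(">I", socket.inet_aton("198.51.100.20"))[0],
        44321, 80, 6, 0, 0, 0)              # ports, TCP, flags
    return HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def build_sample_packet() -> bytes:
    data = b"GET / HTTP/1.0\r\n"
    body = PACKET.pack(1, 42, 1700000000, 1700000000, 123456, 1, len(data)) + data
    return HEADER.pack(UNIFIED2_PACKET, len(body)) + body


# Event + its packet + a truncated third record (header claims 52 body bytes)
SAMPLE_SPOOL = build_sample_event() + build_sample_packet() + \
    HEADER.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + b"\x00\x00"

if __name__ == "__main__":
    recs, used = read_records(SAMPLE_SPOOL)
    for r in recs:
        print(r)
    print(f"consumed {used} of {len(SAMPLE_SPOOL)} bytes")
```

When pointed at a real spool (e.g. the `snort.u2.*` files barnyard2 is
configured to read), the same loop works; only the sample construction
is synthetic.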
