>> OpenBSD has always rocked for providing very current versions of
>> snort. barnyard2 compiles cleanly on obsd.
>
> The funny thing is that I have a book on Snort on my reading list. Time
> to read it. I'll check out barnyard2 as well.
There is a learning curve for sure. It's not something that most can set up in a day or longer (I certainly didn't). It does give you a view from Layer 7 down, which is really what is needed anymore.

Just to clarify, barnyard2 handles the unified2 output from snort. Compile it and check out the barnyard2.conf it generates and it will lead you to various utilities. You really don't need it right away when you're getting started. A lot of these things require the patience to tune them or they will drive ya nuts with alerts ;)

Just off the top of my head, a few links:

www.team-cymru.org
https://www.dshield.org
http://emergingthreats.net/
https://www.grc.com/dns/dns.htm

Working on cleaning up DNS via unbound/dnscrypt-proxy can help too.

> If anyone reading this knows where I can read up on (those specific)
> exploits, please let me know, perhaps I can figure out where my
> vulnerability is/was if I know more about how they work.

I stumbled upon malheur a while back. No idea what to do with it, but it compiles easy on obsd. Since you found the malware files it might help.

http://www.mlsec.org/malheur/
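To show what the unified2 output mentioned above actually contains before barnyard2 turns it into alerts, here is an added example (written for this reply, not code from snort or barnyard2): a small reader for the legacy IPv4 event record (type 7) and the packet record (type 2), run over a constructed two-record stream; the field layout is assumed from the unified2 record definitions, and the sample bytes and signature values are made up.

```python
import socket
import struct

UNIFIED2_PACKET = 2       # packet record, carries the triggering packet
UNIFIED2_IDS_EVENT = 7    # legacy IPv4 event record
HDR = struct.Struct("!II")           # record header: type, length (big-endian)
EVT = struct.Struct("!9I4s4s2H4B")   # legacy IPv4 event body, 52 bytes
EVT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
              "signature_id", "generator_id", "signature_revision", "classification_id",
              "priority_id", "ip_source", "ip_destination", "sport_itype", "dport_icode",
              "protocol", "impact_flag", "impact", "blocked")
PKT = struct.Struct("!7I")           # packet body header, then packet_length bytes
PKT_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
              "packet_microsecond", "linktype", "packet_length")

def parse_unified2(data):
    """Yield (record_type, fields) for each record in a unified2 byte stream."""
    off = 0
    while off + HDR.size <= len(data):
        rtype, rlen = HDR.unpack_from(data, off)
        body = data[off + HDR.size:off + HDR.size + rlen]
        if len(body) != rlen:
            raise ValueError("truncated record body at offset %d" % off)
        if rtype == UNIFIED2_IDS_EVENT and rlen == EVT.size:
            rec = dict(zip(EVT_FIELDS, EVT.unpack(body)))
            rec["src"] = socket.inet_ntoa(rec.pop("ip_source"))
            rec["dst"] = socket.inet_ntoa(rec.pop("ip_destination"))
        elif rtype == UNIFIED2_PACKET and rlen >= PKT.size:
            rec = dict(zip(PKT_FIELDS, PKT.unpack_from(body)))
            rec["packet"] = body[PKT.size:PKT.size + rec["packet_length"]]
        else:
            rec = {"raw": body}   # unknown type or unexpected size: keep the bytes
        yield rtype, rec
        off += HDR.size + rlen

def sample_stream():
    # Constructed sample: one alert (made-up sid/gid/rev) followed by its packet record.
    evt = EVT.pack(1, 42, 1700000000, 0, 2100498, 1, 7, 3, 2,
                   socket.inet_aton("10.0.0.5"), socket.inet_aton("192.168.1.10"),
                   44444, 80, 6, 0, 0, 0)
    pkt = b"\x00" * 14 + b"\x45\x00\x00\x28"   # constructed stand-in packet bytes
    pkt_body = PKT.pack(1, 42, 1700000000, 1700000000, 0, 1, len(pkt)) + pkt
    return (HDR.pack(UNIFIED2_IDS_EVENT, len(evt)) + evt
            + HDR.pack(UNIFIED2_PACKET, len(pkt_body)) + pkt_body)

def alert_lines(data):
    # One line per event, in the spirit of a fast-alert log.
    return ["[%d:%d:%d] %s:%d -> %s:%d proto=%d prio=%d" % (
        r["generator_id"], r["signature_id"], r["signature_revision"], r["src"],
        r["sport_itype"], r["dst"], r["dport_icode"], r["protocol"], r["priority_id"])
        for t, r in parse_unified2(data) if t == UNIFIED2_IDS_EVENT]
```

The event and packet records share sensor_id and event_id, which is how barnyard2 pairs an alert with the packet that triggered it.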