Whether it is a Ping Flood, a SYN Flood or any other DoS attack, the first step towards detecting it is spotting an anomaly in the network traffic on your system. That is the earliest sign that your system may be under a DoS attack.
If you can monitor the network traffic on your system and be informed about an anomaly early enough, you can take action and may still be able to prevent the attack.
In this article, I will show you how to build your own tool for monitoring network traffic on your system, one that can alert you when there is a sudden increase in abnormal traffic.
Again, my system is an Ubuntu one, and here I will use a simple utility called tcpstat together with a shell script. Please note that my intention is to show you a basic tool on which you can base your own IDS or IPS.
Firstly, you need to install tcpstat in your system.
# sudo apt-get install tcpstat
Now run this simple command in your terminal:
# sudo tcpstat -i eth1
You may have to select the appropriate network interface for your system.
Every 5 seconds, tcpstat will print some information such as the number of network packets, bits per second (bps), and so on.
tcpstat has an option '-o' through which you can specify the output format.
Here, I will use the format "%n", which gives me the number of packets in each 5-second interval.
Next, I will redirect the output to a file, and in a while loop I will read the last line of the file, which gives the number of packets in the last 5 seconds. Then I will compare that number with a threshold.
I have experimented with few attacks, and determined the threshold to be 20,000 in my system.
Next, the job is simple. If the traffic goes beyond the threshold, set a flag. If the increased traffic continues for some time, say 15 seconds, I know it is time for action to be taken. The action may be setting temporary new iptables rules or analysing the traffic further.
So, what does the script look like? Please find it below.
sudo tcpstat -i eth1 -o "%n\n" > ofile &
INTERVAL=0                      # consecutive 5-second samples above the threshold
while sleep 5; do
    THRESHOLD=`tail -1 ofile`   # packets seen by tcpstat in the last 5 seconds
    #echo "THRESHOLD is: $THRESHOLD"
    if [ "${THRESHOLD:-0}" -gt 20000 ]; then   # default to 0 until tcpstat writes its first line
        INTERVAL=$((INTERVAL + 1))
        if [ $INTERVAL -gt 3 ]; then echo -e "Take Action!\n"; else echo "Excess traffic"; fi
    else
        INTERVAL=0              # traffic dropped back below the threshold, start counting again
    fi
done
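As an added example that is not part of the original post, here is the same threshold-and-duration rule written as shell functions over a constructed series of per-interval packet counts, so that the alerting logic (and the empty-output-file edge case at start-up, when tcpstat has not yet written its first line) can be exercised without tcpstat or live traffic. The function names last_count and evaluate_samples, the variable MIN_INTERVALS and the SAMPLES series are my own assumptions; the 20,000-packet threshold and the 15-second (three-interval) duration come from the post.

```shell
#!/bin/sh
# Added example, not the original post's script: the post's threshold-and-duration
# rule (more than 3 consecutive 5-second intervals above 20,000 packets) applied to
# a constructed series of packet counts. Function and variable names are my own.

THRESHOLD=20000    # packets per 5-second interval, the value found in the post
MIN_INTERVALS=3    # intervals above threshold before "Take Action!" (15 s / 5 s)

# Constructed sample: one tcpstat "%n" value per 5-second interval, oldest first.
SAMPLES="1200 1500 25000 31000 40000 45000 900 23000 800"

# last_count FILE: newest "%n" line of a file that tcpstat appends to, or 0 while
# the file is still empty (tcpstat has not produced its first interval yet).
# Without this default, "[ '' -gt 20000 ]" in the monitoring loop is a shell error.
last_count() {
    c=$(tail -n 1 "$1" 2>/dev/null || true)
    printf '%s\n' "${c:-0}"
}

# evaluate_samples "N1 N2 ...": prints one state per sample, space separated:
#   ok      below threshold (the consecutive counter is reset)
#   excess  above threshold, but not yet for more than MIN_INTERVALS intervals
#   action  above threshold for more than MIN_INTERVALS consecutive intervals
evaluate_samples() {
    above=0
    result=""
    for n in $1; do
        if [ "$n" -gt "$THRESHOLD" ]; then
            above=$((above + 1))
            if [ "$above" -gt "$MIN_INTERVALS" ]; then
                state=action
            else
                state=excess
            fi
        else
            above=0
            state=ok
        fi
        result="$result${result:+ }$state"
    done
    printf '%s\n' "$result"
}

# Demo: the empty-file case first, then the constructed series written to a file
# one value per line, the way tcpstat -o "%n\n" would write it.
demo_file=$(mktemp)
echo "before first tcpstat line: $(last_count "$demo_file") packets"
printf '%s\n' $SAMPLES >> "$demo_file"
echo "latest interval in file:   $(last_count "$demo_file") packets"
rm -f "$demo_file"
echo "samples: $SAMPLES"
echo "states:  $(evaluate_samples "$SAMPLES")"
```

Running it prints "ok ok excess excess excess action ok excess ok" for the constructed series: the alert only fires on the fourth consecutive high interval, and a single high interval after a quiet one is reported as excess traffic but does not trigger action, which is exactly the behaviour the 15-second rule is meant to give.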
This was a very simple script, but you can use it as a basis for further improvement.
Hope you found it useful!
You get what you pay for in the cybersecurity industry, but bug bounty programs are not just about the money, according to new research.
In today’s world, where data breaches and information leaks have come close to a daily occurrence, it is too easy to merge the terms “cybercriminal” and “hacker.” However, they are not one and the same — someone who breaks into networks without consent, for example, is a criminal, while hackers tackle problems, may work with companies to shore up their defenses, investigate malware and find product vulnerabilities so vendors can improve the security of their products.
This is why bug bounties are becoming more and more popular. By offering security researchers financial incentives, companies ranging from Apple to United Airlines are able to tap into a pool of external experts rather than rely purely on in-house staff to find every security flaw in networks and software which could place the corporation — and customers — at risk.
The research covered 617 surveyed researchers, all of whom have submitted valid security flaws to various programs; 72 percent say they do it purely for the money, but 70 percent said they also hacked for the fun of it, and 66 percent enjoy the challenge bug bounty programs offer.
In addition, 51 percent said they hack “to do good in the world.”
While bug bounty schemes can be lucrative, with almost 11 percent of respondents making over $50,000 per year and six percent making more than $100,000 per year, over half of hackers — 57 percent — have participated in programs in the last six months which offer no financial reward at all.
In total, 17 percent of respondents said they rely solely on bug bounty programs to stay afloat, and 26 percent said that between 76 percent and 100 percent of their income comes from bug bounty rewards. (However, it is worth noting that 27 percent of respondents were not willing to share their income levels.)
It also seems that company loyalty comes into play. In total, over 30 percent of respondents claim they participate in particular bug bounty programs because they like a company and want to help out.
Hackers can be found worldwide. On the HackerOne platform, contributors come from over 100 countries, with the majority in India — 21 percent — followed by the US at 19 percent. The majority of hackers report themselves to be under 34 years old.
Cyberthreats are not going away anytime soon. For as long as cybercriminals ranging from script kiddies to state-sponsored threat actors exist, security experts are going to be needed — and while you get what you pay for, it is also good to know that many researchers do it for the love of the job.
Securing The Future Of Your Small Business - Tips And Tricks
When it comes to small businesses, there are so many things that you need to consider, sometimes even more than you do for big businesses. For one thing, if a big business like Home Depot can get hacked and shoppers' info might get stolen, this can surely happen to a small business as well. Also, your small business may not have as much product or money behind it as a big corporation, meaning there is less standing between you and business failure.
The thing is, you don’t want your business to fail. If people went into business with the idea it would fail, they’d probably think twice about starting in the first place. You can do things to help protect your business from the potential of failure though. Here are some things that all small businesses should consider when it comes to starting a secure business with staying power.
Consider Your Funds And Assets
Starting a business isn’t cheap, and neither is keeping one going. You may need to consider getting a loan to keep your business afloat, at some point. There are many reasons a small business might need a loan, from getting started to upgrading to better equipment.
Yes, even your equipment and other assets are important when it comes to securing your business's future. You need to make sure that the equipment you have works and allows you to put out the best possible products and services. This can mean having great office equipment or the right company vehicle.
Protect Your Clients
Securing your business also means making sure that your clients and customers are secure as well. That means using security measures when it comes to protecting their information, whether it’s credit card numbers or their home addresses. Make sure to invest in good internet security that you can trust.
Always Be Expanding
If your business gets stagnant, it could start to fail. Find ways to always be expanding, whether it’s new products and services, or new advertising and event planning. Have a clearance event, and then introduce a new and improved product line.
Invest In Your Future
Events, like open houses, are a great way to invest in the future of your business. So is investing in advertising. If you aren’t getting the name and intentions of your business out there to people, no one will be shopping with you. Advertise both online and off to reach the most potential customers.
Investing in the future of your business also means making sure that you are offering the best products and services. If that means purchasing new equipment, then do it. Make sure that you have your business's best interests in mind, as well as the best intentions when it comes to what you are offering to your customers.