USING ZEEK, OSSEC AND PF TO FIGHT NETWORK SCANS

Hi ! In the previous post, we saw how to use Zeek to detect port scans. The next logical step is therefore to try to block them.

ZEEK - TRACK PORT SCANS

Hi ! It’s time to talk a bit about the Zeek tool again. We all see port scans hitting our network equipment and/or servers, hence the idea of using Zeek to identify the IP addresses in question. At first glance, nothing serious, because these things happen all the time, even daily. However, harm can arise if someone happens to discover an open (and forgotten) network port that, coincidentally, corresponds to something with a security vulnerability. Let us assume that we first want to identify the offending IP addresses in question, and then, secondly, block them at the network level. Let’s see how “Zeek” can come to the rescue and help us identify these kinds of things. I should mention that I will strive to document each line of the script as precisely as possible to make it easier to understand.

CLAUSEWITZ VS SUN-TZU APPLIED TO CYBERSPACE

Hi ! Here is one way (among others) to consider the content of the two texts when applied to the field of cybersecurity.

'ON WAR' FROM CARL VON CLAUSEWITZ (PART 2)

Hi ! The theories of Carl von Clausewitz provide a powerful framework for understanding cybersecurity as a form of modern conflict shaped by uncertainty, politics, and strategic priorities. To concretely apply its principles to cybersecurity, you must stop viewing IT security as a purely technical issue and start treating it as a conflict of human wills.

'ON WAR' FROM CARL VON CLAUSEWITZ (PART 1)

Hi ! I. Overview of On War. Published posthumously in 1832, On War is the most significant book on military strategy ever written in the West. Carl von Clausewitz, a Prussian general and veteran of the Napoleonic Wars, moved away from the “recipe-style” manuals of his era to provide a deep, philosophical analysis of the nature of conflict.

VISUALIZING DNS QUERY ENTROPY VIA A DENSITY GRAPH (DNS - PART 5)

Hi ! I recently discussed the use of entropy in relation to DNS queries and the benefits of calculating it. I will continue to present ways to visualize the entropy of DNS queries, this time using the concept of density.

THE ART OF WAR (PART 3)

Hi ! The Art of War by Sun Tzu is surprisingly well-suited to cybersecurity, not because networks resemble battlefields literally, but because the underlying logic of conflict, deception, and asymmetric advantage maps cleanly onto modern digital environments. In a previous article, I indicated that cybersecurity principles could be applied to the concepts discussed in the 13 chapters.

THE ART OF WAR (PART 2)

Hi ! In my previous post, I mentioned that “The Art of War” was taught at the military level. Here’s what my recent research indicates on the subject.

THE ART OF WAR (PART 1)

Hi ! In upcoming blog posts, we’ll be discussing two books that anyone working in cybersecurity should read.

VISUALIZING DNS QUERY ENTROPY VIA A SCATTERPLOT GRAPH (DNS - PART 4)

Hi ! I recently discussed the use of entropy in relation to DNS queries and the benefits of calculating it.