CALCULATING ENTROPY OF QUERIES (DNS - PART 3)
Hi ! Calculating DNS query entropy is an advanced cybersecurity technique to detect malicious activity that would go undetected with traditional filtering methods.
USING THE 'TRANCO' LIST (DNS - PART 2)
Hi ! What is Tranco? (https://tranco-list.eu/) Tranco is a high-quality, research-oriented list of the top one million websites. It was created by academic researchers to solve the reliability issues found in older, commercial rankings like Alexa or Cisco Umbrella.
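The two DNS posts above go together in practice: the Tranco list is the allowlist that keeps well-known domains out of the way, and the entropy of what remains is what surfaces algorithmically generated names (DGA callbacks) or encoded data smuggled into subdomains (tunnelling). The following Python is an added example written for this page, not code from the blog: it loads a Tranco-style "rank,domain" CSV, computes the Shannon entropy of each query name and flags the high-entropy names whose registered domain is not in the list. The CSV excerpt, the query names, the 3.5-bit threshold and the 12-character minimum are all constructed or assumed values, and the "last two labels" registered-domain rule is a deliberate simplification (a public-suffix-list library should replace it).

```python
import math
from collections import Counter

# Constructed stand-in for the Tranco CSV (real file: one "rank,domain"
# line per entry, one million entries, from https://tranco-list.eu/).
TRANCO_CSV = """1,google.com
2,wikipedia.org
3,github.com
4,cloudflare.com
"""

# Constructed query names as they would appear in the Zeek dns.log
# "query" field; not captured traffic.
SAMPLE_QUERIES = [
    "www.google.com",
    "en.wikipedia.org",
    "api.github.com",
    "mail.example.com",
    "xk3j9qz7vb2mwp4t.net",                                # DGA-looking SLD
    "1b5e7a9c3d2f4e6a8b0c1d3e5f7a9b2c.exfil.example.org",  # hex blob subdomain
]


def load_tranco(csv_text, top_n=1_000_000):
    """Return the set of domains ranked <= top_n from Tranco CSV text."""
    domains = set()
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        rank, domain = line.split(",", 1)
        if int(rank) <= top_n:
            domains.add(domain.strip().lower())
    return domains


def registered_domain(fqdn):
    """Crude eTLD+1 (last two labels). Production code should use the
    public suffix list so that names under co.uk and friends are right."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def shannon_entropy(s):
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def analyze(fqdn, allowlist):
    """Entropy is measured over every label except the TLD, dots removed,
    so both a random SLD (DGA) and random subdomains (tunnelling) raise it."""
    labels = fqdn.lower().rstrip(".").split(".")
    body = "".join(labels[:-1])
    rd = registered_domain(fqdn)
    return {
        "query": fqdn,
        "domain": rd,
        "entropy": shannon_entropy(body),
        "length": len(body),
        "in_tranco": rd in allowlist,
    }


def triage(queries, allowlist, threshold=3.5, min_len=12):
    """Return the queries worth a look: registered domain not allowlisted,
    long enough for entropy to mean something, entropy above threshold.
    The 3.5-bit threshold and 12-char minimum are assumed starting values
    to tune against your own baseline (short names inflate per-char
    entropy, so the length floor avoids flagging e.g. 'ab12.example')."""
    flagged = []
    for q in queries:
        f = analyze(q, allowlist)
        if not f["in_tranco"] and f["length"] >= min_len and f["entropy"] >= threshold:
            flagged.append(f)
    return flagged


if __name__ == "__main__":
    allow = load_tranco(TRANCO_CSV)
    for f in triage(SAMPLE_QUERIES, allow):
        print(f"{f['entropy']:.2f} bits  len={f['length']:<3} {f['query']}")
```

Run against a real dns.log, feed the `query` column in and load the full Tranco CSV with `top_n` set to whatever rank you trust; the entropy of a 16-character name drawn uniformly from 16 distinct symbols is exactly 4 bits, which is why the DGA-looking sample sits well above the 3.5-bit line while `mail.example.com` does not.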
LET'S TALK A LITTLE ABOUT 'DOMAIN NAME SYSTEM' (DNS - PART 1)
Hi ! If there is one network protocol I find fascinating, not least because of the possibilities it offers in terms of attack and defense, it's DNS.
USE ZEEK TO MONITOR CONNECTIONS TO SPECIFIC COUNTRIES
Hi ! I have spoken about “Zeek” many times in the past. One of its strengths (if not one of the most interesting in my opinion) is its scripting language, which allows it to be programmed to perform the tasks one wants. Let’s imagine we want to identify all network connections to and from “friendly” countries. Since I don’t want to ostracize anyone, I’m going to include everyone in a somewhat mixed group. What interests me most is seeing who, from my information assets, initiates outbound communications to the “trusted relationships” mentioned above. Please note, and I repeat, I have deliberately included both the “not-so-bright” ones, as a friend would say, and those considered more trustworthy.
WEBSITE REDESIGN
Hi ! I will gradually reorganize the naming and presentation of the various graphs available on this web server. The reason is that the more I add, the harder it is to find your way around.
OPENBSD - HANDLING UNWANTED SSH ACCESS
Hi ! Like many servers with an SSH port open to the Internet, there are always people or systems trying to get in. There are of course a whole bunch of possible security measures, but I will talk here about a solution whose merit is that it applies to SSH and, if necessary, to more.
ZEEK - ONE OF THE STRENGTHS OF THE TOOL, THE FINE MONITORING OF CONNECTIONS
Hi ! I can't count the number of times that using the “conn_state” and “history” fields together has allowed me to accurately diagnose what was happening on my network. One can only praise Zeek's documentation, which indicates precisely what each value means.
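Two of the posts above (monitoring connections to chosen countries, and reading `conn_state` together with `history`) work on the same conn.log record, so here is one added Python example, written for this page and not taken from the blog or from Zeek, that parses a conn.log excerpt via its `#fields` header, decodes `conn_state` and `history` into plain words using the meanings from the Zeek documentation, and flags outbound connections from local hosts to watched countries (or inbound ones from them). Zeek itself would do the country lookup in script land with `lookup_location()` and a MaxMind database; this stand-alone version substitutes a tiny constructed prefix-to-country table over TEST-NET ranges with user-assigned codes, and the log lines, local networks and watched set are constructed too.

```python
import ipaddress

# conn_state values and their meaning, as documented for Zeek's conn.log.
CONN_STATE = {
    "S0": "connection attempt seen, no reply",
    "S1": "established, not terminated",
    "SF": "normal establishment and termination",
    "REJ": "connection attempt rejected",
    "S2": "established, originator tried to close, no reply from responder",
    "S3": "established, responder tried to close, no reply from originator",
    "RSTO": "established, originator aborted with RST",
    "RSTR": "established, responder aborted with RST",
    "RSTOS0": "originator sent SYN then RST, no SYN-ACK seen",
    "RSTRH": "responder sent SYN-ACK then RST, no SYN seen",
    "SH": "originator sent SYN then FIN, no SYN-ACK seen (half-open)",
    "SHR": "responder sent SYN-ACK then FIN, no SYN seen",
    "OTH": "no SYN seen, mid-stream traffic only",
}
# history letters as documented for Zeek's conn.log (common subset):
# uppercase = sent by the originator, lowercase = by the responder.
HISTORY = {
    "s": "SYN (no ACK)", "h": "SYN+ACK", "a": "pure ACK", "d": "payload",
    "f": "FIN", "r": "RST", "c": "bad checksum", "g": "content gap",
    "t": "retransmission", "w": "zero window", "i": "inconsistent packet",
    "q": "multi-flag packet (SYN+FIN or SYN+RST)", "^": "direction flipped",
}
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("192.168.0.0/16")]
# Constructed stand-in for a GeoIP database: TEST-NET prefixes mapped to
# user-assigned codes, so nothing here corresponds to a real country.
GEO = {ipaddress.ip_network("203.0.113.0/24"): "XX",
       ipaddress.ip_network("198.51.100.0/24"): "ZZ"}
# Constructed conn.log excerpt (not captured traffic), trimmed to the
# columns read below; the #fields header drives the parsing.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state\thistory",
    "1700000000.1\tCabc1\t192.168.1.10\t51234\t203.0.113.7\t443\ttcp\tSF\tShADadFf",
    "1700000001.2\tCabc2\t192.168.1.10\t51235\t198.51.100.9\t22\ttcp\tS0\tS",
    "1700000002.3\tCabc3\t203.0.113.50\t40000\t192.168.1.20\t445\ttcp\tREJ\tSr",
    "1700000003.4\tCabc4\t192.168.1.11\t51236\t192.0.2.5\t80\ttcp\tRSTO\tShADadR",
])


def parse_conn_log(text):
    """Parse Zeek TSV output using its #fields header; returns dicts."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def decode_history(history):
    """Turn 'ShADadFf' into [(who, what), ...] in packet order."""
    out = []
    for ch in history:
        who = "originator" if ch.isupper() else "responder" if ch.islower() else "n/a"
        out.append((who, HISTORY.get(ch.lower(), f"unknown '{ch}'")))
    return out


def describe(row):
    """One-line diagnosis combining conn_state and history."""
    state = CONN_STATE.get(row["conn_state"], "unknown state")
    steps = ", ".join(f"{who[0]}:{what}" for who, what in decode_history(row["history"]))
    return f"{row['conn_state']} ({state}); history {row['history']} = {steps}"


def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((code for net, code in GEO.items() if addr in net), None)


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def flag_connections(rows, watched, outbound=True):
    """outbound=True: local originator -> responder in a watched country.
    outbound=False: originator in a watched country -> local responder."""
    flagged = []
    for row in rows:
        remote = row["id.resp_h"] if outbound else row["id.orig_h"]
        local = row["id.orig_h"] if outbound else row["id.resp_h"]
        code = country_of(remote)
        if is_local(local) and code in watched:
            flagged.append({**row, "country": code, "diagnosis": describe(row)})
    return flagged


if __name__ == "__main__":
    rows = parse_conn_log(SAMPLE_CONN_LOG)
    for r in flag_connections(rows, {"XX", "ZZ"}):
        print(r["uid"], r["id.orig_h"], "->", r["id.resp_h"], r["country"], r["diagnosis"])
```

The direction check is the point of the country filter: the inbound `REJ`/`Sr` record from the "XX" range is a scan that was refused and only shows up with `outbound=False`, while the two outbound records show what a local host actually initiated, one completed normally (`SF`, `ShADadFf`) and one never answered (`S0`, a lone `S`). A real dns.log or conn.log has more columns than the excerpt, but since the `#fields` header is honoured, the parser is unchanged.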
A NEW SERIES OF GRAPHS ON MEDICAL DATA COMING SOON: MONKEYPOX
Hi ! The Covid-19 pandemic being (for the moment) behind us, it is time to start graphing medical data again.
OPENBSD + 'R' - SOLVING 'HTTPUV' ISSUE
Hi ! In an old blog entry (“R - install packages in different ways”), I had indicated that I had encountered a bug with the installation of the “httpuv” package. In fact, after digging into the subject, it is not that package that is at fault but rather the compilation of another library that it depends on. I am talking here about “libuv”, which “httpuv” needs. The simplest method I found (lazy mode) to solve this issue is to install “libuv” via an “OpenBSD” package.
ZEEK + R - GEOGRAPHIC ORIGINS OF CONNECTIONS TO A TOR RELAY
Hi ! Let’s use “Zeek” to see the geographic origins of connections to a Tor relay. Of course, I will use a Treemap representation to visualize things.