Logs


Big brother is watching you

Stefan FODOR (backb0ne fl00d3r)

Lucky-Day from May

Log

Overview

What is?

Example..

Iptables and logs

Introducing snort

Live Demo?

Question?

What are Log Files?

Records an event: normal behavior

Warning

Errors

Other anomalies

Data usually saved: date + time

Code

Error/warning message

Program or user who generated it

Used to: debug

Trace errors

Check for intrusions

Statistics

/var/log

Kernel Logs

Log, warn, err

dmesg

Web server

apt

logrotate

dmesg: messages from the kernel

For the untrained eyes

For the trained eyes

File dependency: legit request

Legit request

SQL injection?

?

iptables and log files

$ iptables -A INPUT -j LOG --log-level 4

Store iptables logs to /var/log/iptables.log

$ nmap 192.168.1.20

Nmap and iptables
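As an added example that is not part of the original slides: a small Python parser for the kernel LOG lines the iptables rule above writes to syslog, which flags any source that touches many distinct destination ports on the host, the pattern a plain nmap scan of 192.168.1.20 leaves behind. The sample log lines, the scanning host 192.168.1.50 and the legitimate SSH client 192.168.1.7 are constructed for the demo.

```python
import re
from collections import defaultdict

# Fields of interest in a kernel iptables LOG line as rsyslog records it.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse_iptables_line(line):
    """Return {'src','dst','proto','dpt'} for an iptables LOG line, else None."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # some other syslog line (sshd, cron, ...)
    return {
        "src": fields["SRC"],
        "dst": fields.get("DST"),
        "proto": fields["PROTO"],
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,  # ICMP has no DPT
    }

def find_scan_sources(lines, min_ports=10):
    """Map each source IP to the distinct TCP/UDP destination ports it hit and
    keep only sources at or above min_ports (a simple port-scan heuristic)."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_iptables_line(line)
        if rec and rec["dpt"] is not None:
            ports_by_src[rec["src"]].add(rec["dpt"])
    return {src: ports for src, ports in ports_by_src.items() if len(ports) >= min_ports}

# Constructed sample: one host probing 12 ports, one SSH client hitting port 22 three
# times, and one unrelated sshd line that the parser must ignore.
_TEMPLATE = ("May 10 12:00:{sec:02d} host kernel: [ 1234.5678] IN=eth0 OUT= "
             "SRC={src} DST=192.168.1.20 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1 "
             "PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0")
SAMPLE_LOG = [_TEMPLATE.format(sec=i, src="192.168.1.50", dpt=p)
              for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389])]
SAMPLE_LOG += [_TEMPLATE.format(sec=30, src="192.168.1.7", dpt=22)] * 3
SAMPLE_LOG.append("May 10 12:00:31 host sshd[200]: Accepted publickey for stefan from 192.168.1.7")

if __name__ == "__main__":
    for src, ports in find_scan_sources(SAMPLE_LOG).items():
        print(f"{src}: {len(ports)} distinct ports -> {sorted(ports)}")
```

On a real box, feed it `/var/log/iptables.log` (or `journalctl -k`) instead of SAMPLE_LOG; a single legitimate client stays well under the threshold because it keeps hitting the same one or two ports.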

Snort and log files

Installed snort

Set rules for nmap

Configured log file

BASE interface

Run nmap

Regular Nmap Scan

Stealth Scan + OS Detection

Live Demo?

(As needed)

Questions?