Query about monitoring unknown Internet traffic

asad a.alii85 at gmail.com
Sun Oct 18 06:11:44 UTC 2015

Let me add a few points:

-> SPAN traffic in/out of the system on the network layer and give the
promiscuous traffic to Snort to scan.

-> For correlated analysis use a SIEM, i.e. Splunk.

-> Gather L4 stats using NetFlow tools, i.e. SiLK (open source).

-> Perhaps Ubuntu is working on auto update?

-> If you have a threat intelligence feed, give it to check the list of bad
IPs if communication is made. It can be checked on the system level or on the
network at the firewall also.

Hope it helps.

On Sun, Oct 18, 2015 at 5:30 AM, <silver.bullet at zoho.com> wrote:

> On Sun, 18 Oct 2015 08:39:59 +0900, Joel Rees wrote:
> >There is a problem, of course, in trying to test a system with tools
> >on the system you are trying to test.
> That's true; nevertheless, even most Windows viruses for Windows
> versions without an admin account could be detected by antivir
> software running on a compromised Windows machine. Even NASA rockets
> and airliners might have self-tests within a system that are useful.
> It's a problem, but testing a system by itself is not necessarily
> futile; it just has got its limits.
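The threat-intelligence check suggested in the message above, sketched as an added example (not part of the original post): flow records are matched in both directions against a feed of bad IPs and CIDR ranges. The feed contents, the pipe-delimited flow layout and the function names are assumptions made for illustration; all sample data is constructed from documentation address ranges.

```python
import ipaddress

# Constructed threat-intel feed: one IP or CIDR per line, '#' starts a comment.
FEED = """\
# constructed sample feed (documentation address ranges)
203.0.113.7
198.51.100.0/24
2001:db8:bad::/48
not-an-ip
"""

# Constructed flow records in an assumed "src|dst|dport|proto|bytes" layout.
FLOWS = """\
192.168.1.10|203.0.113.7|443|6|5120
192.168.1.10|192.0.2.50|80|6|88211
198.51.100.23|192.168.1.10|22|6|940
fd00::5|2001:db8:bad::1|53|17|120
garbage line
"""

def load_feed(text):
    """Parse feed lines into networks; skip comments and malformed entries."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # one bad feed entry must not stop the whole check
    return nets

def match_flows(flow_text, nets):
    """Return (src, dst, dport, matched_network) for flows touching the feed."""
    hits = []
    for line in flow_text.splitlines():
        fields = line.split("|")
        if len(fields) != 5:
            continue  # malformed record
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            dport = int(fields[2])
        except ValueError:
            continue
        for net in nets:
            # Check both directions: outbound and inbound communication.
            if src in net or dst in net:
                hits.append((str(src), str(dst), dport, str(net)))
                break
    return hits

if __name__ == "__main__":
    for hit in match_flows(FLOWS, load_feed(FEED)):
        print("ALERT", *hit)
```
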