To begin with, download Graylog OVA file and import it to your virtual machine. In this case, I use Oracle virtual box. This might take a while. When it’s finish, there will be a graylog in your VM. Click it and go to setting before starting it, and change the network connection to NAT so when it start, there won’t
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are 2 types of protocol. Both of them are used for sending packages over the internet, and both are build on top of internet protocol (IP). These protocols are not the only protocols that work on top of IP, but they are the most common protocols. Here are some description of both
If you ever wander how the to capture network attackers, then knowing about honeypot is a good thing. In computing, honeypot is a real or simulated system designed to attract attacks on itself. So basically, honeypot is a network system that act as a decoy to lure cyber attackers, detect, deflect or study hacking attempts. Honeypot rose in popularity back in late
In the previous posts, we have mention several topics related to network forensics. But, what exactly is network forensics itself? According to A Road Map for Digital Forensic Research, report from DFRWS 2001, Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion
Fast-flux is a service networks designed to dynamically change and obscure central malware server IP addresses. It makes blocking malicious traffic harder to defend and it harder for defenders to block malicious traffic tracking the central attacker servers. Usually, to detect and block malware, network administrator built and distribute blacklist “bad IP” addresses known to be hosting malware or acting
Similar to other forensic task, discovering and analyzing evidence from network sources has to be done in steps so that the results can be accurate. Forensic investigators should perform our activities within a methodological framework. According to Sherri Davidoff and Jonathan Ham in Network Forensics : Tracking Hackers through Cyberspace, the recommended way to recover a digital evidence is: Obtain information
To begin with, in DNS protocol there is a process of translating names like something.com into an IP address. One vulnerability of DNS is when this process happens, attacker can hijack this process take control of the session to, for example, send the user to the hijacker’s own malicious website. There is only one long-term solution to solve this vulnerability,
It is possible to reconstruct a website in a packet. To do that, first of all, try to filter the packet to see only HTTP protocol. This way, it is easier to see packets that has a website that we can construct. select a packet that has a website on it . Then, select a packet that has a website
Logs are important part of a system. Logs give information about that the system is up to. It is hard to manage log on a system with multiple host. Searching for an error across many log files is hard, specially without a good tool. Centralized log is a common answer to this problem. In centralized log, multiple logs can be
Wireshark is a free open source GUI protocol analyzer that can be downloaded for free. It enables users to interactively browse the data traffic on a computer network. Bellow is the default interface of Wireshark. It includes : Packet list Packet details Packet bytes example usage of wireshark: Filtering based on port number filtering based on protocol filtering based on http