![]() ![]() Of attacks that triggered alerts by SqueRT was much lower than the volume of Traffic is part of a larger grouping of reassembled traffic. Shows a mix of source IP's, but with different destination ports. The IP addresses of the attacker(s) were altered so that they appeared to comeĪbove image highlights some of the traffic that was captured by Wireshark. This suggests a Distributed Denial of Service attack occurred or that Originated from varying IP addresses that track back to locations all over the The attacks arrived within 150 seconds of each other and Host machine and IDSwakeup to fire traffic straight at my Security Onion VM andĢ50 potentially malicious packets were tracked arriving on the Security OnionĮth1 interface. Go to Security Onion was missing I had to repeat the test at home, using my Missing all traffic headed to 172.16.2.16. Was the host computer it also shows some OSPF packets, and traffic headed forġ72.16.2.14 which is another computer in the pod.Ĭapture, the actual pcap is almost empty, and, as the screen shot shows it is It shows a collection of traffic aimed for both 172.16.2.16 which is The first image shows the capture from the main Unfortunately the duplicated traffic is missing much of what wasĬaptured on the main interface. Session, with the copied traffic intended for the network IDS of Security Both ports (the main and the copy) were logged in separate Wireshark ![]() Traffic were: Wireshark, Snort, and the graphic Snort analyzers Snorby and SqueRT. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |