Friday, August 24, 2012

Security Onion and Ubuntu 12.04.1

The current version of Security Onion is based on Ubuntu 10.04.  Ubuntu 12.04.1 was just released yesterday and is being offered to users of 10.04 as an upgrade.  Existing users of Security Onion should NOT accept this upgrade to 12.04!  This is untested, unsupported, and is likely to break your system.

We are currently working on the new version of Security Onion that is based on Ubuntu 12.04.1.  As a reminder, we won't be able to support in-place upgrades from Security Onion 10.04 to Security Onion 12.04.1 since most folks will be migrating from 32-bit to 64-bit.  Begin planning your migrations now.

For more details on the upcoming version of Security Onion, please see the following:

Friday, August 17, 2012

Dr. J's Poor Man DNS Anomaly Detection using Bro

Dr. Johannes Ullrich of the SANS Internet Storm Center posted a great DNS Anomaly Detection script based on the query logs coming from his DNS server. We can do the same thing with Bro's dns.log (where Bro captures all the DNS queries it sees on the network):
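As an added example (not Dr. Ullrich's script and not code from the Security Onion project), the following Python reads two Bro `dns.log` files, counts queries per name, and flags names that are new or whose volume has jumped relative to the baseline. It assumes the Bro 2.x tab-separated log layout with a `#fields` header line; the sample records, the `min_count=3` and `ratio=5.0` thresholds, and the hypothetical helper names are all constructed for this illustration.

```python
"""Compare DNS query volumes in a Bro dns.log against a baseline dns.log."""
from collections import Counter


def parse_dns_log(text):
    """Yield one dict per record from Bro dns.log text.

    Bro logs are tab-separated; the '#fields' line names the columns and
    every other '#'-prefixed line is metadata that is skipped.
    """
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("record before #fields header")
        yield dict(zip(fields, line.split("\t")))


def count_queries(text):
    """Count queries per lowercased name, ignoring unset ('-') queries."""
    counts = Counter()
    for rec in parse_dns_log(text):
        query = rec.get("query", "-")
        if query != "-":
            counts[query.lower().rstrip(".")] += 1
    return counts


def find_anomalies(baseline, current, min_count=3, ratio=5.0):
    """Return (name, baseline_count, current_count) for names queried at
    least min_count times now that were unseen in the baseline or have
    grown by more than `ratio` times. Thresholds are assumptions."""
    anomalies = []
    for name, cur in current.items():
        if cur < min_count:
            continue
        base = baseline.get(name, 0)
        if base == 0 or cur / base > ratio:
            anomalies.append((name, base, cur))
    anomalies.sort(key=lambda t: t[2], reverse=True)
    return anomalies


# Constructed sample data: the field list matches a Bro 2.x dns.log header;
# the records are synthetic and only the fields read above are meaningful.
FIELDS = ("ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id "
          "query qclass qclass_name qtype qtype_name rcode rcode_name "
          "QR AA TC RD RA Z answers TTLs").split()


def _record(ts, client, query):
    row = {f: "-" for f in FIELDS}
    row.update({"ts": ts, "uid": "CXX", "id.orig_h": client,
                "id.orig_p": "53211", "id.resp_h": "192.0.2.53",
                "id.resp_p": "53", "proto": "udp", "query": query,
                "qtype": "1", "qtype_name": "A", "rcode": "0"})
    return "\t".join(row[f] for f in FIELDS)


def _log(rows):
    header = ["#separator \\x09", "#path\tdns", "#fields\t" + "\t".join(FIELDS)]
    return "\n".join(header + [_record(*r) for r in rows]) + "\n"


BASELINE_LOG = _log(
    [("1345000000.1", "10.0.0.5", "www.example.com")] * 5
    + [("1345000001.2", "10.0.0.6", "mail.example.com")] * 3
    + [("1345000002.3", "10.0.0.7", "cdn.example.net")] * 2
)
CURRENT_LOG = _log(
    [("1345100000.1", "10.0.0.5", "www.example.com")] * 6
    + [("1345100001.2", "10.0.0.6", "mail.example.com")] * 3
    + [("1345100002.3", "10.0.0.7", "cdn.example.net")] * 12
    + [("1345100003.4", "10.0.0.8", "newhost.example.org")] * 4
    + [("1345100004.5", "10.0.0.9", "once.example.org")]
)


def demo():
    """Run the comparison over the constructed baseline and current logs."""
    return find_anomalies(count_queries(BASELINE_LOG), count_queries(CURRENT_LOG))


if __name__ == "__main__":
    for name, base, cur in demo():
        print("%-30s baseline=%3d today=%3d" % (name, base, cur))
```

On a real sensor you would read yesterday's (or a week's worth of) `dns.log` into `count_queries` as the baseline and today's log as `current`; a name that appears for the first time or whose query count grows several-fold is worth a look in the rest of the Bro logs, while `min_count` keeps one-off lookups from cluttering the report.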