3 min
Incident Detection
How to Alert on Rogue DHCP Servers
How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.
4 min
Incident Detection
5 Tips For Monitoring Network Traffic on Your Network
Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your network traffic analysis (NTA) tool.
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic.
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
3 min
InsightIDR
How to Detect Devices on Your Network Running Telnet Services
Because Telnet is an unencrypted protocol, it is important that you monitor your network for any devices running Telnet services. Learn more.
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network.
2 min
Incident Detection
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break down what you should do if your firewall is reporting excessive SYN packets.
2 min
InsightIDR
How to Detect BitTorrent Traffic on your Network
Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.
3 min
InsightIDR
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
4 min
Detection and Response
5 Tips If You Are Looking to Analyze & Monitor Network Traffic
There are many good reasons to monitor network traffic. Here are 5 areas you should consider when getting started. Learn more.
9 min
Project Sonar
Project Sonar Study of LDAP on the Internet
The topic of today's post is a Rapid7 Project Sonar
[https://sonar.labs.rapid7.com/] study of publicly accessible LDAP services on
the Internet. This research effort was started in July of this year and various
portions of it continue today. In light of the Shadowserver Foundation's
recent announcement [https://ldapscan.shadowserver.org/] regarding the
availability of relevant reports, we thought it would be a good time to make some of
our results public. The study was originally intended to be a
3 min
InsightIDR
3 Ways for Generating Reports on WAN Bandwidth Utilization
Three popular ways of getting visibility into WAN bandwidth utilization, one of the most popular use cases for network traffic analysis.
1 min
Networking
Rapid7's Data Science team, Live! from SOURCE Boston!
Suchin Gururangan [https://twitter.com/ssgrn] and I (I'm pretty much there for
looks, which is an indicator that Jen Ellis [/author/jen-ellis] might need
prescription lenses) will be speaking at SOURCE Boston
[http://www.sourceconference.com/#!boston-2016-agenda/cr0g] this week talking
about "doing data science" at "internet scale" and also on how you can get
started doing security data science at home or in your organization. So, come
on over to learn more about the unique challenges associate
1 min
User Behavior Analytics
[5 Min Demo] Expose Risky User Behavior from Endpoint to Cloud
How much visibility do you have across your network today? Today's security
teams use sophisticated tool stacks, but siloed solutions cannot cover the
sprawling network ecosystem of endpoint, network, and cloud services. Big data
solutions are capable of flexible integrations, but struggle with identifying
stealthy attacks (e.g. compromised credentials & lateral movement) without a
waterfall of false positives.
In addition to helping detect and investigate outside attacks, UserInsight sheds a s
3 min
Networking
The End Of The Internet
On Sept 24th, ARIN announced
[https://www.arin.net/announcements/2015/20150924.html] it had finally run out
of IPv4 addresses. The open pool of IPv4 addresses is now gone, and the only way
to get them now is via a transfer from another party who owns them or IP ranges
which are returned to ARIN.
The switch to IPv6 is imminent. Once switched, the number of available public
addresses will be roughly 4.2 x 10^37
[http://rednectar.net/2012/05/24/just-how-many-ipv6-addresses-are-there-real