How to Alert on Rogue DHCP Servers
How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.
5 Tips For Monitoring Network Traffic on Your Network
Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your (NTA) tool.
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
How to Detect Devices on Your Network Running Telnet Services
Because Telnet is an unencrypted protocol it is important that you monitor your network for any devices running telnet services. Learn more.
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break-down what you should do if your firewall is reporting excessive SYN packets.
How to Detect BitTorrent Traffic on your Network
Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
Detection and Response
5 Tips If You Are Looking to Analyze & Monitor Network Traffic
There are many good reasons to monitor network traffic. Here are 5 areas you should consider when getting started. Learn more.
Project Sonar Study of LDAP on the Internet
The topic of today's post is a Rapid7 Project Sonar
[https://sonar.labs.rapid7.com/] study of publicly accessible LDAP services on
the Internet. This research effort was started in July of this year and various
portions of it continue today. In light of the Shadowserver Foundations's
recent announcement [https://ldapscan.shadowserver.org/] regarding the
availability relevant reports we thought it would be a good time to make some of
our results public. The study was originally intended to be a
3 Ways for Generating Reports on WAN Bandwidth Utilization
3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.
Rapid7's Data Science team, Live! from SOURCE Boston!
Suchin Gururangan [https://twitter.com/ssgrn] and I (I'm pretty much there for
looks, which is an indicator that Jen Ellis [/author/jen-ellis] might need
prescription lenses) will be speaking at SOURCE Boston
[http://www.sourceconference.com/#!boston-2016-agenda/cr0g] this week talking
about "doing data science" at "internet scale" and also on how you can get
started doing security data science at home or in your organization. So, come
on over to learn more about the unique challenges associate
User Behavior Analytics
[5 Min Demo] Expose Risky User Behavior from Endpoint to Cloud
How much visibility do you have across your network today? Today's security
teams use sophisticated tool stacks, but siloed solutions cannot cover the
sprawling network ecosystem of endpoint, network, and cloud services. Big data
solutions are capable of flexible integrations, but struggle with identifying
stealthy attacks (e.g. compromised credentials & lateral movement) without a
waterfall of false positives.
In addition to helping detect and investigate outside attacks, UserInsight
The End Of The Internet
On Sept 24th, ARIN announced
[https://www.arin.net/announcements/2015/20150924.html] it had finally run out
of IPv4 addresses. The open pool of IPv4 addresses is now gone, and the only way
to get them now is via a transfer from another party who owns them or IP ranges
which are returned to ARIN.
The switch to IPv6 is imminent. Once switched, the number of available public
addresses available will be roughly 4.2 x 10^37