[Zeek] help

cherish cherish_139 at foxmail.com
Thu Jul 25 05:41:13 PDT 2019


Sent from my iPhone

------------------ Original ------------------
From: zeek-request <zeek-request at zeek.org>
Date: Sat,Jul 13,2019 4:07 PM
To: zeek <zeek at zeek.org>
Subject: Re: Zeek Digest, Vol 159, Issue 14



Send Zeek mailing list submissions to
zeek at zeek.org

To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
or, via email, send a message with subject or body 'help' to
zeek-request at zeek.org

You can reach the person managing the list at
zeek-owner at zeek.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Zeek digest..."


Today's Topics:

   1. Re: Query regarding Bro IDS (Jim Mellander)
   2. Re: Query regarding Bro IDS (Aashish Sharma)
   3. Re: Query regarding Bro IDS (Manoj Petshali)


----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Jul 2019 13:17:25 -0700
From: Jim Mellander <jmellander at lbl.gov>
Subject: Re: [Zeek] Query regarding Bro IDS
To: Manoj Petshali <manoj.petshali at paytm.com>
Cc: Payments Network Team <payments.networkteam at paytm.com>,zeek
<zeek at zeek.org>
Message-ID:
<CADju=b7zCBZrTyKQU_axFxh7Pf=5onmWcvRjQ6fNhbG7f3NpbQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi Manoj:

The issue you described seems more on the networking side, rather than the
IDS side.  However, it seems likely that a much bigger issue that a
business like yours would face would be that of cybersecurity, in
particular, securing your servers from unauthorized intrusion and data
exfiltration.  In this, Zeek (the open-source IDS formerly known as Bro) can
play an important role in early detection of possible intrusions.

Hope this helps,

Jim

On Fri, Jul 12, 2019 at 1:33 AM Manoj Petshali <manoj.petshali at paytm.com>
wrote:

> Hi Team,
>
> Please respond as we need to implement the same at the earliest.
>
> Thanks
> Manoj Petshali
> Sr. Manager - Payments Engineering
> Mobile +91-9891066456
>
> www.paytm.com
>
>
>
> On Fri, Jul 12, 2019 at 10:21 AM Manoj Petshali <manoj.petshali at paytm.com>
> wrote:
>
>> Hi Team,
>>
>> I am very eager about Bro and need to know the information below:
>>
>> - We are working in India's biggest transactional system and facing many
>> issues, e.g.:
>>
>> : If some user request is coming from a public or private network (internal
>> request) and traverses across many servers, and the user receives a timeout
>> (e.g. connection timeout, read timeout, RST etc.), then we need to know the
>> deep analysis of the same, meaning:
>>
>> : Why/where did the request time out?
>> : Up to which hop did the request travel?
>> : Network latency between these hops, to know if the latency is the issue?
>> : TCP handshake and SSL handshake latency and the reason for the same?
>> : Application latency? Meaning, if the network latency is fine
>>
>> We searched on the web and got the feeling that Bro is more oriented toward
>> security and does deep packet inspection. But we have many problems like the
>> above to resolve. May you please let us know how Bro can help us to resolve
>> the above issues?
>>
>> Thanks
>> Manoj Petshali
>> Sr. Manager - Payments Engineering
>> Mobile +91-9891066456
>>
>> www.paytm.com
>>
>> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek

------------------------------

Message: 2
Date: Fri, 12 Jul 2019 13:34:41 -0700
From: Aashish Sharma <asharma at lbl.gov>
Subject: Re: [Zeek] Query regarding Bro IDS
To: Manoj Petshali <manoj.petshali at paytm.com>
Cc: Payments Network Team <payments.networkteam at paytm.com>,
zeek at zeek.org
Message-ID: <20190712203440.GH2789 at MacPro-2331.local>
Content-Type: text/plain; charset=us-ascii

Hello Manoj,

You can surely use Zeek to get more visibility into your traffic and connections.
It has a pretty good and powerful TCP analysis engine built in. I am sure Zeek
can get you a lot of diagnostic data - I say that from our experience at
Berkeley Lab, where we do a lot of proactive blocking and always rely on Zeek's
conn.log (and similar) to look into connectivity issues.  So to me, what you
seek is not too difficult.

The difficult part for you is going to be getting this traffic into Zeek, or
putting taps/sensors at the right places.

Do you have taps on the points you want to monitor?

Aashish


------------------------------

Message: 3
Date: Sat, 13 Jul 2019 13:37:04 +0530
From: Manoj Petshali <manoj.petshali at paytm.com>
Subject: Re: [Zeek] Query regarding Bro IDS
To: Aashish Sharma <asharma at lbl.gov>
Cc: Payments Network Team <payments.networkteam at paytm.com>,
zeek at zeek.org
Message-ID:
<CAENooKzrtMUKQWdqFu+PcFQCeNv-PLAH4NM_=t0nivw1hZJj7w at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi Aashish,

Thanks a lot for your response.
We do not have taps/sensors as of now. If we have taps placed at the right
places, may you elaborate on what kind of difficulty we may face?
Also let me know if we can filter and send the traffic (without payload)
according to our requirement, e.g. flags only like SYN, SYN-ACK, ACK, timeout
etc., to Zeek for troubleshooting.
May you please share some data/charts depicting the information we are
looking for (as per the trailing mail) so that we may proceed further.


Thanks
Manoj Petshali
Sr. Manager - Payments Engineering
Mobile +91-9891066456

www.paytm.com



On Sat, Jul 13, 2019 at 2:04 AM Aashish Sharma <asharma at lbl.gov> wrote:

> Hello Manoj,
>
> you can sure use zeek to get more visibility into your traffic and
> connections.
> It has a pretty good and powerful tcp analysis engine built into. I am
> sure zeek
> can get you a lot of diagnostic data - I say that from our experience at
> Berkeley Lab where we do a lot of proactive blocking and always rely on
> zeek's
> conn.log (and similar) to look into connectivity issues.  So to me what you
> seek, is not too difficult.
>
> The difficult part for you is going to be getting this traffic  into zeek
> or
> putting taps/sensors at the right places.
>
> Do you have taps on the points you want to monitor ?
>
> Aashish
>

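Aashish's point that conn.log answers most connectivity questions, and Manoj's follow-up about SYN/SYN-ACK flags and timeouts, can be made concrete with the connection states Zeek already records. The script below is an added example for this thread, not code from the Zeek project or from either poster. It assumes a subset of the standard conn.log column names and the documented conn_state codes (S0, REJ, RSTO, RSTR, SF and so on); the log lines it parses are constructed, not taken from any real sensor.

```python
"""Summarise TCP connectivity failures from Zeek conn.log records.

Added example for this thread, not code from the Zeek project or any poster.
It assumes a subset of the standard conn.log field names and the documented
conn_state codes; the log lines below are constructed for illustration.
"""
from collections import Counter
from typing import Dict, List, Optional

# Documented conn_state codes, grouped by what they tell a troubleshooter.
HANDSHAKE_FAILED = {
    "S0": "SYN seen, no SYN-ACK from responder (connect timeout)",
    "REJ": "SYN rejected by responder with RST",
    "RSTOS0": "originator sent SYN then RST, no SYN-ACK seen",
    "RSTRH": "responder sent SYN-ACK then RST, no SYN seen",
    "SH": "originator sent SYN then FIN, no SYN-ACK seen (half-open)",
    "SHR": "responder sent SYN-ACK then FIN, no SYN seen",
}
ABORTED = {
    "RSTO": "established, then originator aborted with RST",
    "RSTR": "established, then responder aborted with RST",
}
UNFINISHED = {"S1", "S2", "S3"}  # established but never (fully) closed

# Constructed conn.log excerpt in Zeek's tab-separated ASCII format; "-" = unset.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\tconn_state\thistory\torig_pkts\tresp_pkts
1562922000.10\tCsample1\t10.0.1.10\t51000\t10.0.2.20\t443\ttcp\tssl\t0.031\tSF\tShADadFf\t12\t11
1562922001.20\tCsample2\t10.0.1.11\t51001\t10.0.2.20\t443\ttcp\t-\t3.002\tS0\tS\t3\t0
1562922002.30\tCsample3\t10.0.1.12\t51002\t10.0.2.20\t8080\ttcp\t-\t-\tREJ\tSr\t1\t1
1562922003.40\tCsample4\t10.0.1.13\t51003\t10.0.2.21\t8080\ttcp\thttp\t1.250\tRSTR\tShADr\t4\t2
1562922004.50\tCsample5\t10.0.1.14\t51004\t10.0.2.20\t443\ttcp\t-\t1.001\tRSTOS0\tSR\t2\t0
1562922005.60\tCsample6\t10.0.1.10\t40000\t10.0.3.53\t53\tudp\tdns\t0.004\tSF\tDd\t1\t1
"""

def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse ASCII conn.log text; the #fields header names the columns."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            values = line.split("\t")
            if not fields or len(values) != len(fields):
                raise ValueError(f"malformed conn.log line: {line!r}")
            records.append(dict(zip(fields, values)))
    return records

def classify(rec: Dict[str, str]) -> str:
    """Map conn_state to a coarse troubleshooting category."""
    state = rec["conn_state"]
    if state in HANDSHAKE_FAILED:
        return "handshake_failed"
    if state in ABORTED:
        return "aborted"
    if state == "SF":
        return "ok"
    return "unfinished" if state in UNFINISHED else "other"  # OTH, unknown

def summarize(records: List[Dict[str, str]]) -> Dict[str, Counter]:
    """Count categories per responder endpoint (host:port), TCP only."""
    per_endpoint: Dict[str, Counter] = {}
    for rec in records:
        if rec["proto"] == "tcp":
            key = f"{rec['id.resp_h']}:{rec['id.resp_p']}"
            per_endpoint.setdefault(key, Counter())[classify(rec)] += 1
    return per_endpoint

def failed_connections(records: List[Dict[str, str]]) -> List[dict]:
    """Failed/aborted TCP connections with a reason a network team can act on."""
    out = []
    for rec in records:
        if rec["proto"] != "tcp" or classify(rec) not in ("handshake_failed", "aborted"):
            continue
        state = rec["conn_state"]
        # Zeek writes the responder's SYN-ACK as a lowercase 'h' in history, so an
        # 'S' with no 'h' means the SYN was never answered.  On an S0 record the
        # duration spans the SYN retransmissions, i.e. how long the client waited.
        duration: Optional[float] = None if rec["duration"] == "-" else float(rec["duration"])
        out.append({
            "uid": rec["uid"],
            "responder": f"{rec['id.resp_h']}:{rec['id.resp_p']}",
            "conn_state": state,
            "reason": {**HANDSHAKE_FAILED, **ABORTED}[state],
            "synack_seen": "h" in rec["history"],
            "duration_s": duration,
        })
    return out

if __name__ == "__main__":
    for f in failed_connections(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f["uid"], f["responder"], f["conn_state"], "-", f["reason"])
```

Both conn_state and history are derived from TCP header flags, so this kind of summary does not depend on payload reaching the sensor; application-layer detail such as the `service` column or ssl.log does. A duration of "-" is left as None rather than coerced to zero, since Zeek leaves the field unset when it has no positive duration for the connection.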
------------------------------

_______________________________________________
Zeek mailing list
Zeek at zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek


End of Zeek Digest, Vol 159, Issue 14
*************************************