Justin JustinAzoff
JustinAzoff
/ terminate-connection.bro
Created
May 28, 2015 15:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module TerminateConnection; | |
| export { | |
| redef enum Notice::Type += { | |
| TerminatingConnection, # connection will be terminated | |
| TerminatingConnectionIgnored, # connection terminated disabled | |
| }; | |
| # Whether we're allowed (and/or are capable) to terminate connections | |
| # using "rst". |
JustinAzoff
/ dns_test.bro
Last active
August 29, 2015 14:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| redef exit_only_after_terminate = T; | |
| event test() | |
| { | |
| local src = 1.2.3.4; | |
| local dst = 8.8.8.8; | |
| local output = ""; | |
| if ( T ) | |
| { | |
| when ( local src_name = lookup_addr(src) ) |
JustinAzoff
/ tardiff.py
Last active
September 17, 2015 15:16
Diff a tar file with the current contents on the filesystem
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import difflib | |
| import sys | |
| import tarfile | |
| def read(fn): | |
| with open(fn) as f: | |
| return f.readlines() |
JustinAzoff
/ post_library.so.c
Created
December 5, 2015 19:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| american fuzzy lop - postprocessor library example | |
| -------------------------------------------------- | |
| Written and maintained by Michal Zalewski <lcamtuf@google.com> | |
| Copyright 2015 Google Inc. All rights reserved. | |
| Licensed under the Apache License, Version 2.0 (the "License"); | |
| you may not use this file except in compliance with the License. |
JustinAzoff
/ statsd_test.bro
Last active
December 21, 2015 13:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @load base/protocols/http | |
| @load base/protocols/ssh | |
| event connection_established(c: connection) | |
| { | |
| statsd_increment("bro.connection.established", 1); | |
| } | |
| event connection_rejected(c: connection) | |
| { |
JustinAzoff
/ rdp-scanners.bro
Created
January 7, 2016 14:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module RDP; | |
| export { | |
| redef enum Notice::Type += { | |
| BruteforceScan, | |
| }; | |
| global rdp_scanners_account = /[a-zA-Z]/ &redef ; | |
| redef rdp_scanners_account += /NCRACK_USER/ ; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import sys | |
| import time | |
| DEFAULT_LOG = "/usr/local/bro/logs/current/conn.log" | |
| def config(): | |
| print """ | |
| graph_category network |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ver = 2.4.1 | |
| all: package | |
| source: bro-$(ver).tar.gz | |
| unpack: bro-$(ver) | |
| deps: deps-stamp | |
| deps-stamp: |
JustinAzoff
/ regex_test.py
Created
February 12, 2016 20:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import re | |
| import sys | |
| regexes = [ | |
| "img.*jpg", | |
| "baz.*etc", | |
| ] | |
| compiled = [(r, re.compile(r)) for r in regexes] |
JustinAzoff
/ netstats_sum.py
Created
March 3, 2016 18:34
Aggragate netstats output across myricom workers accounting for their misreporting of dropped packets bug.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import re | |
| from collections import defaultdict | |
| totals = defaultdict(int) | |
| host_dropped = {} | |
| total_rx = total_drop = 0 |