02-27-2020 ACM Webcast: Sniffing Traffic in Amazon EC2 with Traffic Mirroring

Active Countermeasures Webcast

02-27-2020

Sniffing Traffic in Amazon EC2 with Traffic Mirroring

Amazon EC2 is a great solution for quickly spinning up virtual machines. The only downside is that we lose our ability to leverage network based security tools that rely on decoding the packet stream, like traffic monitors and intrusion detection systems. Luckily, that no longer needs to be a thing.

In this webcast we will walk you through how to leverage Amazon’s VPC traffic mirroring and the VXLAN protocol to create a VM capable of monitoring the traffic to and from other VMs. The goal will be a monitoring system that is running Zeek, RITA and Suricata, so we have the ability to detect all sorts of nastiness.

We will even walk through how to test the system so that we are sure everything is working properly.

Check out our open source tool RITA prior to the webcast.

Download Slides: Presentations > >ACM_Webcasts >> SniffingTrafficinAmazonEC2withTrafficMirroring_02272020

Presented by: Chris Brenton & Bill Stearns

Timeline:

  • 00:00 –Intro
  • 04:18 –Traffic Mirroring
  • 07:55 –What is VXLAN
  • 16:20 –Configuration Overview
  • 26:27 –Configuration Walkthrough
  • 48:43 –Test Yourself Before You Wreck Yourself
AI-Hunter Datasheet
AI-Hunter Personal Demo
Subscribe to Our Blog
Archives

Sign up for email notifications of our new blog posts, threat hunting training, webcasts and other relevant information.

We are not spammy and you can unsubscribe at any time :)

* indicates required