MITM attack on localhost http server

So, I'll just dive right in. As part of a course on distributed systems I'm taking, we're coding a system with a load balancer, a bunch of HTTP servers, etc., and we're encrypting the connections with TLS/SSL. However, for my final report, I'd like to demonstrate a MITM attack on a version of our system where I'll have removed all TLS/SSL, so it's running basic HTTP.

How would I go about doing it? I know there are a bunch of tutorials and stuff for MITM attacks from Kali, but I haven't really found a tutorial on attacking a server running on your own system, since I suppose it's not something people would usually be interested in.

Say I had the balancer running at port 8000 and it was redirecting queries to different servers running at random ports in the 30000-65535 range, and I wanted to man-in-the-middle anything from my request to the balancer or the request from the balancer to a server. How do I do this?

Touch here for the full post on Network Security Noblemen tumblr

Question on how IPS/IDS works (help me relieve my confusion)

So I might've confused myself a bit here, but:

How does an IPS/IDS work? Meaning, how does traffic bound for HOST A from an EXTERNAL HOST on the internet get stopped by the IPS?

Let's say I'm running Security Onion on a separate virtual machine and using Snort to monitor traffic going into my network. How does Snort stop traffic going into HOST A, since the traffic from the EXTERNAL HOST is destined for HOST A and not my Security Onion machine?

Is traffic being routed first to my security onion machine?

If someone could explain in detail or link me to a source that'd be so awesome!

Thanks in advance!

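The following is an added example for the two questions above (the localhost MITM and the IDS/IPS one); it is not code from either post. On a single host there is nothing to ARP- or DNS-spoof: the man in the middle is just a relay that the client (or, for the balancer-to-backend hop, the balancer) is pointed at instead of the real port, or that an iptables `REDIRECT` rule in the nat `OUTPUT` chain steers local connections into. The relay assumes the balancer from the first post on 127.0.0.1:8000 and listens on 8080 (both assumed values); it reads each plaintext HTTP request, logs the method and path, forwards it, and relays the answer back, so anything in it can be read or rewritten. The same in-path position answers the second question: a sensor fed from a SPAN port or tap only sees a copy of the packets and can alert, whereas an inline IPS (Snort running in inline mode, for example) is in the forwarding path and can drop. The constructed `BLOCK_PATTERNS` rule shows that side: a matching request is answered with a 403 and never reaches the upstream.

```python
"""Added example, not code from either post: a plaintext HTTP relay that sits in
the path between a client and a load balancer on the same host. In that position
it can read and alter traffic (the MITM question) and, because the packets must
pass through it, it can also refuse them (the inline IPS question)."""
import re
import socket
import threading

# Assumed values for the scenario in the first post: balancer on 8000, relay on 8080.
UPSTREAM = ("127.0.0.1", 8000)
LISTEN = ("127.0.0.1", 8080)

# Constructed Snort-style content rule for the demo: refuse any request whose
# bytes contain "/etc/passwd". Everything else is relayed unchanged.
BLOCK_PATTERNS = [re.compile(rb"/etc/passwd")]
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def inspect_request(request: bytes) -> tuple:
    """Return ("pass" | "drop", summary) for one raw HTTP request."""
    m = REQUEST_LINE.match(request)
    summary = (m.group(1) + b" " + m.group(2)) if m else request[:40]
    if any(p.search(request) for p in BLOCK_PATTERNS):
        return "drop", summary
    return "pass", summary


def read_http_message(sock: socket.socket) -> bytes:
    """Read one HTTP message: headers, then a Content-Length body if declared."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(4096)
        if not chunk:
            return data
        data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    m = re.search(rb"(?i)content-length:\s*(\d+)", head)
    need = int(m.group(1)) if m else 0
    while len(body) < need:
        chunk = sock.recv(4096)
        if not chunk:
            break
        body += chunk
    return head + b"\r\n\r\n" + body


def handle(client: socket.socket, log: list, upstream=UPSTREAM) -> None:
    """Relay one connection: inspect the request, then forward or refuse it."""
    with client:
        client.settimeout(5)
        request = read_http_message(client)
        if not request:
            return
        verdict, summary = inspect_request(request)
        log.append((verdict, summary))          # cleartext: every path is visible
        if verdict == "drop":
            # Only possible because we are inline: the request never reaches the
            # balancer. A passive sensor on a SPAN port could merely alert here.
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
            return
        with socket.create_connection(upstream, timeout=5) as up:
            up.sendall(request)                  # could be modified before this
            response = read_http_message(up)
        log.append(("response", response.split(b"\r\n", 1)[0]))
        client.sendall(response)


def serve(listen=LISTEN, upstream=UPSTREAM, log=None) -> tuple:
    """Start the relay on a background thread; returns (bound_port, log, stop_event)."""
    log = [] if log is None else log
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen)
    srv.listen()
    srv.settimeout(0.2)                          # lets the loop notice stop_event
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle, args=(conn, log, upstream), daemon=True).start()
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], log, stop


if __name__ == "__main__":
    port, log, _ = serve()
    print(f"relaying 127.0.0.1:{port} -> {UPSTREAM[0]}:{UPSTREAM[1]}")
    threading.Event().wait()                     # run until killed
```

Run it beside the balancer and send the client to `http://127.0.0.1:8080/` instead of 8000. To intercept without touching the client, a rule such as `iptables -t nat -A OUTPUT -p tcp --dport 8000 -m owner ! --uid-owner <relay-user> -j REDIRECT --to-ports 8080` sends every local connection to 8000 into the relay (the owner match keeps the relay's own upstream connection from looping back into itself); this relay forwards to a fixed upstream, so it does not need to recover the original destination. For the balancer-to-backend hop, where the backend ports vary, the relay has to learn the real destination per connection, which is what `SO_ORIGINAL_DST` exists for.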

how to manage vulnerabilities

Hi

We have a fairly new and immature vulnerability management system at my organization, and I've been asked to come up with a method to prioritize and manage vulnerabilities that are being found in our systems. Now I understand that vulnerabilities need to be prioritized depending on asset criticality, what information the system has, etc., but what I don't get is how I manage 500+ assets that are riddled with one vulnerability that is critical as per CVSS 3.1 but may be critical to some systems and not to others. To explain, consider the following scenario:

A critical IE vulnerability is detected that is affecting 500 systems mix of servers and desktops.

Now management doesn't consider this vulnerability to be of critical state on servers, since no one uses IE on servers. For desktops it stays critical.

How do I review each single asset against a detected critical (or even low) vulnerability and come to a conclusion whether it's high, critical or not important? This is just an example which is very simple, but some scenarios are more complex, such as some servers only facing internal and not outside, etc.

What process is everyone using at their organization that I can take away and propose at my organization?

Hope it makes sense what i am trying to ask!

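An added example for the question above; it is not the poster's process or any vendor's product. It makes the per-asset decision mechanical: the scanner's CVSS 3.1 base score gives the starting label, and a few facts the scanner cannot know (whether the vulnerable component is actually used on that asset, whether the asset is reachable from the internet, how critical the asset is) move the label up or down for each asset. The adjustment steps, the three assets and the single browser finding are all constructed for the demo, and the rules are an illustrative policy rather than a standard.

```python
"""Added example, not code from the post: risk-based prioritisation of one
scanner finding across many assets. The CVSS 3.1 base score is the starting
point; context the scanner cannot know (is the component actually used here,
is the asset reachable from outside, how critical is it) moves the result up
or down per asset. The adjustment rules are an illustrative policy, not a
standard, and would be agreed with management and written down."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    kind: str                     # "server" or "desktop"
    criticality: str              # "high", "medium" or "low" business criticality
    internet_facing: bool
    unused_software: set = field(default_factory=set)   # installed but never used


@dataclass
class Finding:
    cve: str                      # scanner identifier for the vulnerability
    component: str                # the vulnerable software
    cvss: float                   # CVSS 3.1 base score from the scanner
    asset: str                    # Asset.name it was found on


RANK = ["none", "low", "medium", "high", "critical"]
# CVSS 3.1 qualitative severity rating scale as (score floor, label).
SEVERITY = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]


def base_severity(score: float) -> str:
    for floor, label in SEVERITY:
        if score >= floor:
            return label
    return "none"


def shift(label: str, steps: int) -> str:
    """Move a qualitative label up or down the scale, clamped at both ends."""
    i = max(0, min(len(RANK) - 1, RANK.index(label) + steps))
    return RANK[i]


def prioritize(finding: Finding, asset: Asset) -> tuple:
    """Return (priority label, list of reasons) for one finding on one asset."""
    label = base_severity(finding.cvss)
    reasons = [f"CVSS {finding.cvss} -> {label}"]
    if finding.component in asset.unused_software:
        # The IE-on-servers case: the component is present but nobody runs it.
        label = shift(label, -2)
        reasons.append(f"{finding.component} installed but unused: -2")
    if asset.kind == "server" and not asset.internet_facing:
        label = shift(label, -1)
        reasons.append("internal-only server: -1")
    if asset.criticality == "high":
        label = shift(label, +1)
        reasons.append("high-criticality asset: +1")
    elif asset.criticality == "low":
        label = shift(label, -1)
        reasons.append("low-criticality asset: -1")
    return label, reasons


def triage(findings: list, assets: list) -> dict:
    """Bucket every finding by its adjusted priority -> {label: [asset names]}."""
    by_name = {a.name: a for a in assets}
    buckets: dict = {}
    for f in findings:
        label, _ = prioritize(f, by_name[f.asset])
        buckets.setdefault(label, []).append(f.asset)
    return buckets


# Constructed inventory and one constructed critical browser finding (CVSS 9.8)
# detected on all three assets, as in the post's scenario.
ASSETS = [
    Asset("desk-01", "desktop", "medium", False),
    Asset("app-07", "server", "high", False, {"Internet Explorer"}),
    Asset("web-01", "server", "high", True, {"Internet Explorer"}),
]
FINDINGS = [Finding("EXAMPLE-IE-CRIT", "Internet Explorer", 9.8, a.name) for a in ASSETS]

if __name__ == "__main__":
    for f in FINDINGS:
        label, why = prioritize(f, next(a for a in ASSETS if a.name == f.asset))
        print(f"{f.asset:8} {label:9} {'; '.join(why)}")
    print(triage(FINDINGS, ASSETS))
```

The inputs that make this work are inventory data, not scanner data: which software is actually executed on a host comes from software inventory or process telemetry, exposure from the CMDB or an external scan, criticality from the asset register. Keeping the reason strings with each result matters as much as the label, because the downgrade on the servers is then a recorded, reviewable risk decision rather than a silent change to the scanner's number.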

Is it legal to possess actual credential dumps/masses of stolen credentials?

Say a large website gets hacked and all user email addresses and SHA1-hashed passwords are stolen and later "released" to the public, released as in there is a torrent where you can obtain the credentials, or a random hosting site (for example, the MySpace hack).

Would it be illegal for someone to:

1) Download and possess these credentials and

2) give a presentation about the incident with the actual hashes used, so long as the email addresses are redacted?

I've searched for this, but maybe I used the wrong words because I can't quite find the results I'm looking for. Any answers with citations are GREATLY appreciated. Thanks so much.
