Portscan attacks from somewhere

I realize this is a lamer/beginner question, but I’ve been attacked by a couple of addresses in China and I’m not sure how to close the hole. My snort logs (yes I’m using snort! I see you are impressed) show things like this: TCP Portscan [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] 11/09-06:48:46.652278 58.218.199.227 … Read more

VirtualBox Networking Lab Configuration [closed]

Closed. This question needs details or clarity. It is not currently accepting answers. Closed 7 years ago. I’m creating a lab for a project that will test a network security defense product’s effectiveness in detecting various attacks. … Read more

Remote logging from snort to rsyslog

As part of a school project, we are supposed to run snort on an Ubuntu server in IDS mode and log the packets to rsyslog on a remote Ubuntu server. I have been searching for manuals/tutorials for a week now. I couldn’t find any helpful links. Any help would be greatly appreciated. Answer I’d suggest … Read more

Specify the order of IDS, Firewall, WAF

I have an Ubuntu system and I want to implement iptables as firewall, ModSecurity as WAF and Snort as IDS on this system, and I have a server behind this system that I want to protect with it. I want, when a packet is received, iptables to process it first, then if it is OK … Read more

barnyard2 for snort permission denied

I installed barnyard2 for snort, but when I run the command below, this error appears. [root@localhost snort]# barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort/ -f snort.log -w /etc/snort/bylog.waldo /etc/snort/gen-msg.map /etc/snort/sid-msg.map -C /etc/snort/classification.config Running in Continuous mode –== Initializing Barnyard2 ==– Initializing Input Plugins! Initializing Output Plugins! Parsing config file “/etc/snort/barnyard2.conf” +[ Signature Suppress list ]+ —————————- +[No entry … Read more

snort-mysql not starting on Ubuntu server

I am following this tutorial: https://help.ubuntu.com/community/SnortIDS I’ve set up the database, everything has installed correctly, and I’ve configured the snort.conf file so it outputs to a database (with creds all filled out ok). When I run /etc/init.d/snort start, it fails but does not produce any error message other than [fail]. The last few lines of … Read more

Where is the location of snort.conf

I’ve installed Snort, but can’t find the snort.conf file in either /etc/ or /usr/local/ (and don’t have a snort directory in these locations either). Do you know where the snort.conf is? My version is 2.8.6 Answer Without configure options check /var/snort/install/snort-2.8.6 or below it. You can also run find / -type f -name snort.conf which will … Read more

snort fedora core x86_64 rules

Does anyone know where I can download the snort rules for Fedora Core 13 x86_64, not i386, if they even exist? Thanks Answer Rule sets are available from http://www.snort.org & http://www.bleedingsnort.com I believe you’re talking about repositories in Fedora, because rule sets are not architecture specific. Happy Hacking! Attribution Source: Link, Question Author … Read more

Snort Excluding Multiple Ports From ShellCode rules

How can I specify multiple ports to exclude from shellcode rules? I’m using the latest version of snort. I’m also interested in knowing which ports should generally be excluded. Answer For example: portvar SHELLCODE_PORTS [!80,!25] Works for me on snort 2.9.1.2. Attribution Source: Link, Question Author: keyoke, Answer Author: HopelessN00b
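The answer above gives the syntax but not the semantics, and it is easy to mis-read a negated port list. The following is an added example, not code from the answer or from the Snort project: a small Python model of the `portvar` port-list syntax (single ports, `lo:hi` ranges, bracketed lists, leading `!` negation, per-entry `!` negation and `$NAME` references). It assumes, as the answer reports, that a list made only of negated entries such as `[!80,!25]` means "every port except those", and that it is equivalent to `![80,25]`. The snort.conf fragment it parses is constructed for the example.

```python
"""Toy parser for Snort-style portvar lists (added example, not Snort's own code).

Modelled syntax:
  80           single port          1024:        open-ended range (1024-65535)
  :1023        range 0-1023         80:90        inclusive range
  [80,90:95]   list                 ![80,25]     negated list
  [!80,!25]    list of negated entries (assumed: "all ports except 80 and 25")
  any          every port           $NAME        reference to an earlier portvar
"""
from __future__ import annotations

MAX_PORT = 65535
ALL_PORTS = frozenset(range(MAX_PORT + 1))


def _parse_range(token: str) -> set[int]:
    """Expand a single port or an lo:hi range (either bound may be empty)."""
    token = token.strip()
    if ":" in token:
        lo, hi = token.split(":", 1)
        lo_i = int(lo) if lo else 0
        hi_i = int(hi) if hi else MAX_PORT
    else:
        lo_i = hi_i = int(token)
    if not 0 <= lo_i <= hi_i <= MAX_PORT:
        raise ValueError(f"bad port range: {token!r}")
    return set(range(lo_i, hi_i + 1))


def parse_portlist(spec: str, variables: dict[str, set[int]] | None = None) -> set[int]:
    """Return the set of ports an expression matches; $NAME looks up `variables`."""
    variables = variables or {}
    spec = spec.strip()
    if spec == "any":
        return set(ALL_PORTS)
    negate_all = spec.startswith("!")          # leading '!' negates the whole expression
    if negate_all:
        spec = spec[1:].strip()
    if spec.startswith("[") and spec.endswith("]"):
        tokens = [t.strip() for t in spec[1:-1].split(",") if t.strip()]
    else:
        tokens = [spec]
    included: set[int] = set()
    excluded: set[int] = set()
    for tok in tokens:
        neg = tok.startswith("!")               # per-entry '!' excludes that entry
        body = tok[1:].strip() if neg else tok
        ports = variables[body[1:]] if body.startswith("$") else _parse_range(body)
        (excluded if neg else included).update(ports)
    if not included:
        # Only negated entries were given: assumed to mean "everything except these".
        included = set(ALL_PORTS)
    result = included - excluded
    return set(ALL_PORTS) - result if negate_all else result


def parse_portvars(config_text: str) -> dict[str, set[int]]:
    """Collect every 'portvar NAME VALUE' line from snort.conf text, in order."""
    variables: dict[str, set[int]] = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line.startswith("portvar "):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError(f"malformed portvar line: {raw!r}")
        _, name, value = parts
        variables[name] = parse_portlist(value, variables)
    return variables


# Constructed snort.conf fragment for the example (not taken from the page).
SAMPLE_CONF = """\
portvar HTTP_PORTS [80,8080]
portvar SHELLCODE_PORTS [!80,!25]      # the form from the answer
portvar ALT_SHELLCODE_PORTS ![80,25]   # negated list, assumed equivalent
portvar NOT_HTTP !$HTTP_PORTS          # exclude an earlier variable
portvar HIGH_PORTS 1024:
"""


def describe(name: str, variables: dict[str, set[int]]) -> str:
    ports = variables[name]
    return f"{name}: {len(ports)} ports, 25 in? {25 in ports}, 443 in? {443 in ports}"


if __name__ == "__main__":
    pv = parse_portvars(SAMPLE_CONF)
    for var in pv:
        print(describe(var, pv))
```

Because the model resolves each `portvar` into a concrete set, it can also be used to check a rule's port clause against a specific port before loading the config into a live sensor; the assumption that `[!80,!25]` and `![80,25]` coincide is exactly the claim the answer makes for snort 2.9.1.2.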