Questions tagged [snort]

Snort is a software package used for network intrusion detection.

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). It was created by Martin Roesch in 1998.

125 questions
0
votes
1 answer

snort rule for rdp dos attack

I am very new to Snort rules, so I can't find the below rule exactly. Does this rule send an alert when TCP packets come from the external network and any port to the home network and port 3389? Does it just check port, IP, protocol? If so, I think it can't detect…
sahar
  • 1
  • 1
  • 2
0
votes
1 answer

Snort and OSSEC Can't Run Simultaneously

I am trying to set up IDS on a system composed of AWS Ubuntu 16.04 instances. My HIDS is managed by OSSEC 2.8.1 and my NIDS is managed by Snort 2.9.9.0 (parsed by Barnyard2 version 2.1.14, which also manages the Syslog forwarding). On this instance…
0
votes
1 answer

How to make rule trigger on DNS rdata/IP address?

I currently have the following DNS Query Alert rule set up in Suricata (for test purposes): alert dns any any -> any any (msg:”Test dns_query option”; dns_query; content:”google”; nocase; sid:1;) Which is triggered when it captures DNS events…
Ahad Sheriff
  • 133
  • 9
0
votes
0 answers

Snort Installation Error

I am a newbie to Snort and don't have proper knowledge of the installation and configuration of it. I am following the Snort official document to install Snort on an Ubuntu instance in AWS EC2. I have installed the prerequisites (DAQ) and flex and bison…
serverstackqns
  • 722
  • 2
  • 16
  • 39
0
votes
1 answer

Configure my first vServer

I recently rented my first vServer (Ubuntu, LAMP + Webmin preinstalled). I need it because of a Java app I wrote that should run as a game server on it. I'm familiar with Ubuntu as I've been using it as my primary OS for 2 years. I'm also familiar with…
user2224350
  • 111
  • 4
0
votes
1 answer

Snort looking for invalid rules directory

I am in the middle of setting up Snort for the first time on Fedora 23. I have configured PulledPork for automatic rule downloads. As you can see from the picture below, the test to see if PulledPork has worked tries to manually run Snort, which gives…
Simkill
  • 235
  • 1
  • 2
  • 10
0
votes
1 answer

suricata TLS rule not ignoring my "pass" entry

I'm using this rule to skip suricata tls processing on a known SSL cert: pass tls any any <> any any (msg:"known good mydomain cert"; tls.fingerprint:"40:.(trimmed for serverfault).:8b"; sid:1000000; rev:1) Even with that, it's falling through to…
tedder42
  • 833
  • 1
  • 9
  • 19
0
votes
3 answers

Firewalling gateways and IDS's

For IDS, I plan to have a Win 2008 server running on the gateway with the majority of roles disabled. I plan to firewall the Internet connection, but I'd also like to install Snort to work as an IDS. However, I am guessing that regardless of the…
Scott Davies
  • 403
  • 1
  • 4
  • 9
0
votes
1 answer

Snort: users are not able to login when Wordpress Login Bruteforcing rule is on

I got this wordpress login bruteforcing rule from https://rules.emergingthreats.net/open/snort-2.9.0/rules/emerging-web_server.rules alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Wordpress Login Bruteforcing…
kenpeter
  • 177
  • 1
  • 6
0
votes
1 answer

PFSense / Snort / OpenVPN - one WAN interface

I have a pfsense box running both Snort and OpenVPN. The VPN worked great before installing Snort, now intermittently I cannot connect. Should I whitelist the port that the VPN uses on the WAN interface? Any comments on the configuration above? I…
cmdematos
  • 299
  • 1
  • 4
  • 12
0
votes
1 answer

SNORT: Is a PCRE on SSNs intensive

I'm trying to write a Snort rule to look for SSNs. Due to the limitations of the appliance in place I can not use the pre-processor settings. How intense would it be to run a PCRE rule for SSNs? This would essentially perform a regex comparison…
0
votes
1 answer

How to make Snort generate packet logs when in NIDS mode?

I am using Snort to act as a network IDS by implementing a Snort configuration file and Snort rules. I also want to capture all the packets (traffic) going through a specific network interface. My command is sudo snort -dev -P 65535 -i wlan0 -c…
technoob
  • 132
  • 1
  • 14
0
votes
1 answer

SNORT only alerting on inbound traffic

I am trying to raise an alert when someone is setting up a connection to port 25 (TCP), whatever the source or destination. For this I came up with this simple rule: alert tcp any any -> any 25 (msg:"Email sent"; sid:10001337007;) From a Windows client…
Tommy
  • 21
  • 1
0
votes
1 answer

Snort in KVM machines

I have installed two physical machines with KVM virtualization using Red Hat as the OS (h1 and h2). In h1 I have installed the virtual machines w1 and db1, and in h2 the virtual machines w2, db1 and ids. The virtual machine ids contains Snort as IDS…
Emilio Macias
  • 109
  • 1
  • 3
0
votes
1 answer

Setting up Snort 2.9.x with Barnyard2

These how-to guides on the internet are outdated; also, the software they rely on is not up to date with PHP 5.5. I have done some hacks with ACID and ADODB to make parts of the GUI work. I have followed this guide to set up Barnyard2…
shorif2000
  • 357
  • 1
  • 7
  • 26