Questions tagged [snort]

Snort is a software package used for network intrusion detection.

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). It was created by Martin Roesch in 1998.

125 questions
0 votes, 1 answer

flowbits in snort added because of quality standard

I'm having trouble reading a rule. Specifically, where is a flowbits GROUP_NAME defined? I was reviewing my squert screens from securityonion and noticed the following: 3618 ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 The SID…
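Where a flowbits name comes from, as an added example written for this page (it is not an Emerging Threats rule and is not taken from the question): there is no separate declaration or list. The first rule that executes `flowbits:set,<name>` creates the bit in the flow's stream session state, and every later rule that tests `flowbits:isset,<name>` (or `isnotset`) refers to that same name. To find where a given group name is "defined", grep the rule set for `flowbits:set,` followed by that name. The rule pair below uses made-up SIDs, message text, content strings and bit name.

```snort
# Stage 1: tag the flow when the client sends a (made-up) banner, but do not alert.
# flowbits:noalert stops this rule from generating an event of its own.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE client banner seen"; \
    flow:established,to_server; content:"HELLO|0d 0a|"; depth:7; \
    flowbits:set,example.banner_seen; flowbits:noalert; \
    sid:1000001; rev:1;)

# Stage 2: alert on the server's reply only if stage 1 already set the bit on this flow.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE server reply after client banner"; \
    flow:established,to_client; content:"ACK|0d 0a|"; depth:5; \
    flowbits:isset,example.banner_seen; \
    sid:1000002; rev:1;)
```

The bit lives in the per-flow session tracked by the stream preprocessor, so stage 2 never fires on its own: a stray "ACK" from a server Snort never saw the client banner on is ignored, which is exactly why two-stage CnC signatures are written this way. SIDs 1000000 and above are reserved for local rules, which is why the example uses them.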
0 votes, 1 answer

Running Snort on Hyper-V

After spinning up a VM for Snort (actually BT5..) and starting snort, I'm getting many of these: SNMP Public Access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.50.61097 -> 192.168.1.47:161" Where the .50…
0 votes, 1 answer

Snort logging mode - How to define subnets

I am using snort to log all traffic on an interface snort -i eth1 -l /interface/log/dir -b -U -m 112 With this command I manage to get ALL data which makes my log files very large. Is there any way to tell snort only to output packets which come…
asked by user2284355
0 votes, 2 answers

How do I set Securityonion/snort to not capture certain packets?

After looking through my pcaps from Security Onion I'd like to filter out a host (let's call it 192.168.4.4) and filter out some traffic (ports 80 & 443); the current project is to look at other traffic not web related. Running tcpdump/windump I can do…
asked by tkrabec
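The Snort-native way to keep packets out of the pcaps and logs altogether, which answers both the "log only certain subnets" question above and this one, as an added example that is not from either question: a BPF filter, either appended to the snort command line (the same expression syntax tcpdump uses) or read from a file with `-F <file>`. The file path and the host and port values below are made up.

```bpf
# /etc/snort/bpf.conf (constructed example): a single BPF expression, applied before decoding.
# Everything to or from 192.168.4.4, and all TCP/UDP traffic on port 80 or 443 on either side,
# is dropped before Snort sees it, so it is never logged, never written to pcap and never
# matched against rules.
not host 192.168.4.4 and not port 80 and not port 443
```

Load it with `snort -c /etc/snort/snort.conf -i eth1 -F /etc/snort/bpf.conf`, or give the expression inline, which is also how the subnet question is answered: `snort -i eth1 -l /var/log/snort -b net 192.168.1.0/24` logs only packets with a source or destination in that subnet. Security Onion applies a BPF file of the same kind to its sensors; check its documentation for the path on the installed version. The caveat a practitioner wants: an exclusion here is blind, not quiet. Snort cannot alert on traffic it never receives, so if 192.168.4.4 is compromised nothing on that host will be detected. Keep the exclusion as narrow as the job needs, or leave capture untouched and filter afterwards with `tcpdump -r file.pcap 'not host 192.168.4.4 and not port 80 and not port 443'`.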
0 votes, 1 answer

Snort configuration

I'm trying to configure Snort on a security probe and I am having an error: FATAL ERROR: database: mysql_error: Can't connect on MYSQL server on "x" (111). I have set up the account with privileges and I think the problem is now with the snort…
asked by bigl
0 votes, 1 answer

Should I Install Snort on my web server?

I've been thinking about installing snort on my dedicated server. I got about 100 domains/clients. What should I be considering here for pros and cons? Memory usage, bandwidth impact?
0 votes, 2 answers

How to properly drop ICMP type 3 packets on possible DDoS attack?

Even after running iptables -A INPUT -p icmp -m icmp --icmp-type 3 -j DROP I keep getting ICMP type 3 code 13 packets on tcpdump. When I run tcpdump icmp, I get messages like: 19:41:31.923630 IP NAMESOURCE > MY_NAME: ICMP net IP_SOURCE…
asked by Diogo Melo
0 votes, 1 answer

OSSIM Alarms for Snort rules

I'm new to OSSIM. My requirement is to detect executable files (.exe) using snort. I have found a snort rule: alert tcp any any -> any any (msg: "DLL Windows file download"; flow: established; content:"MZ";isdataat: 76,relative;content:"This…
0 votes, 1 answer

Using Snort without a port mirrored switch

I am trying to set up a Snort IDS on a virtual machine for my lab. My problem is that normally, these kinds of IDS are connected to the mirrored port of a switch. My lab has no such device. Here is my topology: [Internet]->[Linux…
asked by m6a-uds
0 votes, 2 answers

snort-mysql not starting on Ubuntu server

I am following this tutorial: https://help.ubuntu.com/community/SnortIDS I've set up the database, everything has installed correctly, and I've configured the snort.conf file so it outputs to a database (with creds all filled out ok). When I run…
asked by Rsaesha
0 votes, 1 answer

Snort intrusion detection

Hi, I'm trying to use Snort as an IDS on some pcap files I have; I was hoping I would get a log of any intrusions. I know for a fact that there are port scans and ping sweeps etc. in the pcap files, but when I try this command: C:\Snort\bin> snort -r…
asked by G Gr
0 votes, 1 answer

Snort: not logging anything

My site seems to be the target of quite a bit of probing over the last few months. In an attempt to get a better handle on this I installed SNORT on one of the machines that has external exposure. Something must not be installed correctly as I see…
asked by ethrbunny
0 votes, 1 answer

How can I detect DNS label Decoding DoS (Cross Reference at DNS decompression) with Snort?

I want to add some rules or download some ready-made rules to detect DNS label Decoding DoS (Cross Reference at DNS decompression). Does anyone know how I can do this?
asked by Amirreza
0 votes, 1 answer

How to do a fragmentation attack via an Ubuntu machine

I wish to test my system, which has Snort installed on it. I want to do a fragmentation attack, such as a tiny fragment attack, and wish that it should be logged by Snort. Any suggestions? Any graphical software available?
asked by Arihant
0 votes, 1 answer

Snort Excluding Multiple Ports From ShellCode rules

How can I specify multiple ports to exclude from shellcode rules? I'm using the latest version of Snort. I'm also interested in knowing which ports should generally be excluded.
asked by keyoke
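One way to do this in snort.conf, as an added example that is not from the question: the stock configuration defines the port variable the shellcode rules use for their source port as `portvar SHELLCODE_PORTS !80`, and a Snort 2.x port variable can negate a whole list rather than a single port. The port values below are illustrative choices, not a recommendation from the page; confirm the list syntax against the "Variables" section of the manual for the installed version.

```snort
# snort.conf (Snort 2.x). Stock setting: shellcode rules skip traffic sourced from port 80.
# portvar SHELLCODE_PORTS !80

# Negate a port list to exclude several ports at once (illustrative values, not from the page):
portvar SHELLCODE_PORTS ![80,443,8080]

# The shellcode rules use the variable as the SOURCE port, so traffic coming FROM these
# ports (web replies, the usual false-positive source) is never inspected by them, e.g.:
# alert ip $EXTERNAL_NET $SHELLCODE_PORTS -> $HOME_NET any (msg:"SHELLCODE x86 NOOP"; ...)
```

On which ports to exclude: the shellcode signatures look for NOP sleds and similar byte patterns, which also occur in compressed and binary payloads, so the candidates are services that routinely return such content (HTTP/HTTPS, and on some sensors mail or file-transfer ports). Exclude a port only where its false positives are actually measured on that sensor, and never exclude the ephemeral or unusual ports on which a real exploit delivery would arrive, since the variable removes those flows from the shellcode rules entirely.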