Collaborate Disseminate
I’m trying to create a Snort rule that alerts me when users on my network visit certain prohibited websites. I have a partially working rule, but I’m encountering issues with the HTTP protocol specifically.
What works
My rule works when mo… Continue reading Snort rule is not working correctly. It needs to alert when htpps page is accessed [closed]
I can get an alert to work using port 442 but when I add http, I get nothing. I must not be using the right syntax.
I’m trying to create a Snort rule that alerts me when users on my network visit certain prohibited websites. I have a partially working rule, but I’m encountering issues with the HTTP protocol specifically.
What works
My rule works when mo… Continue reading Snort rule to detect HTTP visits to specific prohibited websites [closed]
I have set up a virtual lab using VMware with the following machines:
Ubuntu (Running Snort for intrusion detection)
Kali Linux (Used as the attacking machine)
Metasploitable 2 (Hosting Mutilidae, a vulnerable web application)
All machin… Continue reading Snort Not Detecting SQL Injection Attempts on Mutilidae [closed]
I’m trying to configure Snort (version 2.9.20) to detect SQL injection attempts. I’ve set up Apache2, PHP (8.3.6), MySQL (8.0.40), and Mutillidae to simulate SQL injection attacks via a form. While Snort successfully detects ICMP (ping) an… Continue reading Snort not detecting SQL injection alerts despite proper configuration
I saw on the snort manual an setting for the Session global processor called flush_on_alert that I’m interested in. However, when I tried to edit snort.conf to add the setting, I recieved an error upon running snort.
ERROR: /etc/snort/snor… Continue reading Snort 2.9.16 Session config flush_on_alert too many parameters error
My friend told me that NIDS like Snort are an important part of a security configuration, but to me it seems like an anti-virus program. Should security be had via correctness (such as auditing software for buffer overflows, and using stat… Continue reading Are programs like snort like an anti-virus, or is it something a security professional would use [closed]
I’m new to snort. I’m trying to set up rules in snort to detect the presence of covert timing channels. Ideally, I would like to use pre-made rules like the snort community rules.
So far, I’ve found the snort community ruleset and the emer… Continue reading what snort rules can detect covert channels?
I have a FortiWeb appliance and I have the following algorithm:
IF THREAT_LEVEL == ‘CRITICAL’ THEN
$STORED_BANNED_SRC_IP = $SRC_IP
banned_IP($SRC_IP)
AND after 30 minutes I want to unbanned $src_ip
UNBANNDED_IP($STORED_BANNED_S… Continue reading Implementation banned IP in FortiWeb [closed]
I am learning Snort rules and faced difficulties with the following excercise.
Give examples of requests which bypass the following rule.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"SQL Injection Attempt"; … Continue reading How to bypass the Snort rule?