What is the token generated when you create a snort rule that will detect all icmp traffic?
I’m in my last year of university and for my honour’s project I am tasked with comparing two intrusion detection systems, snort and suricata, hosted on a virtual machine on my PC.
As I have no access to networking devices such as switches … Continue reading What is the best way to create a PCAP file containing malicious traffic?
In our Suricata (version 6.0.4) logs we find many alerts messages like [1:2210045:2] SURICATA STREAM Packet with invalid ack [Classification: Generic Protocol Command Decode].
These come from the following rule:
alert tcp any any -> any… Continue reading How can I find out what rule option "stream-event:pkt_invalid_ack" means in Suricata? [closed]
How do you figure out Snort’s source & destination IP and port if the question is so vague? For example:
Write a snort rule that detects a UK NI number sent from a client’s web browser to a web server.
I understand how to write the reg… Continue reading How to determine Snort rules source & destination IP and port
I currently use fiddler/Charles Proxy/MITM proxy to decrypt and analyze SSL/TLS traffic from suspect mobile apps I want to analyze. The process I follow is to export a CA cert from Fiddler, then import that cert onto the physical phone. I … Continue reading Decrypt mobile phone app TLS/SSL traffic using Wireshark and Fiddler/Charles/MITM Proxy
How to configure Snort 3 to detect nmap’s port scanning? If port scanning is detected I want to log it into a log file.
Continue reading How to configure Snort 3 to detect nmap’s port scanning? [duplicate]
How to configure snort 3 to detect nmap’s port scanning? For instance I want to know that an external machine A is looking with nmap for open ports on my machine B.
Such a port scan can include all ports incl. of the services available beh… Continue reading How to configure Snort 3 to detect nmap’s port scanning? [duplicate]
I have not found anywhere how to configure and use sfportscan in snort 3; all documentation I can find is for snort 2. I am aware of this answer, which applies to snort 2.9, and I don’t think it helps me here.
As far as I understood, I nee… Continue reading Use sfportscan preprocessor in snort 3
I am currently learning about IPS and was wondering about a query that applies to how IPS works. I have knowledge of CSRF and XSS attacks, however I am unsure if Intrusion Prevention Systems can prevent these attacks as it aims to block in… Continue reading Can an Intrusion Prevention System (e.g. Snort) prevent CSRF and XSS attacks?
When I run Snort on a pcap file (that contains malicious traffic), it does not detect anything.
I uncommented the rules path in Step #7 at snort.conf. Nothing is changed.
How to let Snort detect attacks from test.pcap and generate a log fi… Continue reading Snort does not detect attacks when running in offline mode