snort – Page 9 – WindowsTechs.com

Snort CSV details @ alert

Posted on December 27, 2018 by chandu

I have enabled the fast logging mode, my question here is how can I extract the CVE details or reference tag inside the /var/log/alert file, as if now I am able to see only this much data in alert file.11/17-01:16:29.270323 … Continue reading Snort CSV details @ alert→

Snort VS Bro vs Suricata [on hold]

Posted on November 24, 2018 by cdemet

I try to find what is best to install,use and for protection for a List of Webservers and databases.

What you prefer Snort, bro or suricata ?

Continue reading Snort VS Bro vs Suricata [on hold]→

Threshold for DDOS Attack

Posted on November 1, 2018 by cosmicrao

I am trying to understand and simulate SYN Flood DDOS attacks. I am using snort to give me alerts. While I have control over the rate for my testing, I am interested in knowing what a good estimate of the traffic rate might b… Continue reading Threshold for DDOS Attack→

snort alert ssl layer

Posted on October 24, 2018 by Snort User

I’m using snort 2.9.11.1 with ssl preprocessor, when I’m want to alert “client hello” I’m using this rule:

alert tcp any any -> any 443 ( msg:”Client Hello”; ssl_state:client_hello; sid:1;)

and I get the alert:

10/23/1… Continue reading snort alert ssl layer→

Snort Setup Error on Kali [on hold]

Posted on September 27, 2018 by ayse_cybersec

I am trying to establish a snort on Kali PC and get the following error while running the ./configure command. I downloaded snort-2.9.11.1 and daq-2.0.6 files as shown on snort.org. I have tried many methods but the result ha… Continue reading Snort Setup Error on Kali [on hold]→

How to sniff VPN traffic using Snort?

Posted on September 19, 2018 by marmita

Here’s what I want to do:

I want to use a VPN client on my PC (like TunnelBear).
Then I want to use Snort to sniff traffic before it’s encrypted and after it’s decrypted by VPN.

So basically I want Snort to sit between my OS and the VPN…. Continue reading How to sniff VPN traffic using Snort?→

Loopback with Suricata

Posted on September 7, 2018 by Neveralways

Is there any way of analyzing loopback traffic with Suricata?

I am trying it this way without success:

root@security-onion:/home/sar/TFM/alerts/suricata# suricata -c /etc/suricata/suricata.yaml -i lo -l . -k none
7/9/2018 -… Continue reading Loopback with Suricata→

Analyzing Apache log with Snort

Posted on September 4, 2018 by Neveralways

I need to analyze an Apache log with Snort and others IDS/WAFs (Suricata, mod_security and Shadow Daemon). In order to do so, I was thinking about create TCP packets with the GET and POST requests stored in the Apache log wit… Continue reading Analyzing Apache log with Snort→

Are these Snort rules correct?

Posted on July 24, 2018 by Michel Tangue

I wrote this rule so that when there are more than three failed SSH connection attempts that there is an alert but it is not working. Are these rules badly written? Or if not I ask the exact writing of the rule.

It’s an emer… Continue reading Are these Snort rules correct?→

Snort IDS, Man In The Middle Attack

Posted on July 24, 2018 by dedy

I’m detecting arp poisoning attacks from the login page of a website using snort ids. I have not found a suitable rule for the attack. anyone can help me ?

Continue reading Snort IDS, Man In The Middle Attack→