
Thread: Intrusion Detection

  1. #301
    Join Date
    Apr 2006
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by espressobeanie View Post
    Woohoo! I figured it out. Bodhi, I did create a user named snort, and all of that. It seemed that importing the schemas was the problem. When you did that mysql command, I kept using my login password and not the mysql one. Now I get snort running successfully while whitelisting those two IP addresses.
    Well done =)
    There are two mistakes one can make along the road to truth... not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #302
    Join Date
    Apr 2007

    Re: Intrusion Detection

    Quote Originally Posted by rodney757 View Post
    I was just reading this tutorial and it says to use airsnort if you use wireless. When I go to the airsnort site it says that the project is dead. Is there an alternative I should use? Thanks
    Quote Originally Posted by over_my_head View Post
    Thanks for writing the tutorial - I haven't tried it yet but it looks very detailed.
    I intended to go ahead and try it out, using airsnort since I'm on a wireless connection. I went to the airsnort page, it says: "This software is old. It is no longer maintained or supported. Besides, there are much better tools out there. You really should be trying something like aircrack-ng."
    aircrack-ng seems to be some way of cracking wireless network encryption keys... and then it says it can "audit" wireless networks...
    I'm very confused now.
    Quote Originally Posted by baguahsing View Post
    For wireless you recommended airsnort. I clicked on the link and it said that it was old and no longer supported. The site said there are better alternatives and gave 1 or 2 recommendations. Should I stick with airsnort or look for something else? I have an older laptop, Toshiba Satellite Pro 6100, P4 1.6GHz cpu, 1Gb mem, and a 40Gb hard drive. Will Apache be too much for me? If so, what NID and HID would you recommend?
    I want to second what all these guys are saying: According to the airsnort website, airsnort is outdated and no longer developed or maintained. It refers people to aircrack-ng, but that seems to be cracking software, not intrusion-detection software.

    Here is my issue: System Monitor is showing a conspicuously high amount of data that has been sent over the network from my computer, and even after I restarted X, I noticed I was constantly uploading data at a few KB/s. I want to know who my computer is/has been communicating with and why, but I'm not sure how.

    After initially posting this, I've realized this is probably what OSSEC was made for, not Snort. Am I correct here?

    If not, has Snort been updated to include wireless support, or is there another viable software package that does? I understand if Snort is not able to monitor every packet crossing over the wireless network, but I at least want to determine who my own computer is sending packets to. What's the best way to do this?
    Last edited by UnrealMiniMe; August 21st, 2010 at 01:06 AM.

  3. #303
    Join Date
    Sep 2010
    East Coast, USA
    Ubuntu 10.04 Lucid Lynx

    Re: Intrusion Detection


    I am a newbie to Linux and security on a dual-boot AMD_x86 Gateway machine running Lucid Lynx.

    1. I installed ossec and used the script. My installation is agentless and ossec is running.

    But maybe because I am a newbie I missed something such as:

    How would I know that anything is wrong unless I manually read the logs?

    I read the installation instructions but beyond running I am not sure what to configure next, so that I get some sort of notification more frequently than 6 hours (the default time between ossec checks). I guess the instructions are okay if you already know how to do it. I'm afraid I'll mess something up.

    2. I downloaded airsnort from to cover any possible network intrusion. Here's my dilemma:

    I already have a LAMPP stack installed on my system in /opt. It has to be started manually when I want to use it. Should I still install another copy of Apache and MySQL? (I don't use the LAMPP stack on the network - no reason to. ) Will it affect anything on the LAMPP stack?

    Thank you in advance.


  4. #304
    Join Date
    Jun 2010
    Devant mon ordinateur
    Ubuntu 10.04 Lucid Lynx

    There is a problem with the configuration server

    I installed ossec as described in post #6, and the web interface in post #7. After doing this, I rebooted my computer, and as it was loading, an error message was displayed.

    There is a problem with the configuration server.

    (/usr/bin/libgconf2-4/gconf-sanity-check-2 exited with status 256)
    I googled the error message, and found only this forum post. On the post, the following command was suggested:

    sudo chmod 755 /etc/gconf/gconf.xml.system
    I entered the terminal, and logged in, by pressing ctrl+alt+f1. I assume that the fact I was able to do that means that it is a problem with gnome(?). However, the error message only started appearing after I installed ossec, and the web interface. At the terminal, I entered the above command, but it didn't resolve the problem.

    Any ideas? Has anyone else had the same problem?

  5. #305
    Join Date
    Mar 2011

    Re: Intrusion Detection

    I intended to go ahead and try it out, using airsnort since I'm on a wireless connection. I went to the airsnort page, it says: "This software is old. It is no longer maintained or supported. Besides, there are much better tools out there. You really should be trying something like aircrack-ng."

  6. #306
    Join Date
    Mar 2012

    Re: Intrusion Detection

    Does anyone know if the original posts here are still applicable or are they outdated?


  7. #307
    Join Date
    Dec 2006

    Re: Intrusion Detection

    This is a popular setup. I think you will run into some issues related to differences in software packages, etc. I would suggest that you install one component at a time. There is other information online about this setup. Here is what I would suggest you do:
    1- Install Snort first, and run it by itself and verify that you can view packet captures
    2- See if you can store the traffic in the database
    3- Install the management interfaces. I think BASE is no longer used.
    Keep in mind that I did this a couple of years ago, and the above steps are just to give you an idea of what I would suggest. My point is that I don't think you can do every step and get the exact output stated. But overall the procedures rocked. I learned so much by doing this.
    Good luck

  8. #308
    Join Date
    Feb 2012

    Re: Intrusion Detection

    I've just installed AlienVault and can't start snort. I'm a newbie. Maybe you can provide some help.

    This is the error I get, after everything seems to work fine:

    server snort[26207]: FATAL ERROR: Failed to initialize dynamic engine: SF_SNORT_DETECTION_ENGINE version 1.16.18

    AlienVault 4.1, everything up to date.

    Thanks in advance, and sorry for the near off-topic.

  9. #309
    Join Date
    Nov 2009
    Ubuntu 12.04 Precise Pangolin

    Re: Intrusion Detection

    I'm not sure if Alienvault has a special way of setting things up for its version of Snort, but in my experience when the dynamic engine is being loaded it gives the actual path to the library, which is typically somewhere in /usr/lib. The first place I'd check is in /etc/snort/snort.conf to see if there is a properly configured path to the dynamic engine.

    This may be something better suited for Alienvault support forums, though.
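One way to run the check suggested above, as an added example that is not from this thread or from the Snort or AlienVault projects: a POSIX shell function that reads the dynamicengine / dynamicdetection / dynamicpreprocessor lines of a snort.conf and reports any referenced library or directory that does not exist on disk. The sample config and every path in it are constructed for the demonstration, not real system paths.

```shell
#!/bin/sh
# check_snort_dynamic_paths CONF
# Reads the dynamic* lines of a snort.conf and verifies that each referenced
# library or directory exists. Returns 0 if all exist, 1 if any is missing.
check_snort_dynamic_paths() {
    conf="$1"
    rc=0
    # Strip '#' comments, keep lines whose first word is one of the three
    # dynamic* keywords, and take the last field as the path (this skips the
    # optional "directory"/"file" word that may sit between keyword and path).
    for entry in $(sed 's/#.*//' "$conf" |
                   awk '$1 ~ /^dynamic(engine|detection|preprocessor)$/ { print $1 "=" $NF }'); do
        kw=${entry%%=*}
        path=${entry#*=}
        if [ -e "$path" ]; then
            echo "ok      $kw -> $path"
        else
            echo "MISSING $kw -> $path"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample for a stand-alone run: one library file that exists and
# two directories that do not (all paths are placeholders in a temp dir).
demo_dir=$(mktemp -d)
touch "$demo_dir/libsf_engine.so"
cat > "$demo_dir/snort.conf" <<EOF
# constructed snort.conf fragment
dynamicengine $demo_dir/libsf_engine.so
dynamicpreprocessor directory $demo_dir/snort_dynamicpreprocessor/
dynamicdetection directory $demo_dir/snort_dynamicrules/   # trailing comment
EOF

check_snort_dynamic_paths "$demo_dir/snort.conf"
echo "exit status: $?"
```

A non-zero exit status with MISSING lines is the symptom to fix before retrying a Snort start that fails while initializing the dynamic engine.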
