Page 13 of 31 FirstFirst ... 3111213141523 ... LastLast
Results 121 to 130 of 309

Thread: Intrusion Detection

  1. #121
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Quote Originally Posted by shahin View Post
    Hi Bodhi,
    I see alerts in my alerts file in /var/logs/snort directory, but I do not see them in base page. Here is what I have in the alerts files:

    Code:
    [**] [1:382:7] ICMP PING Windows [**]
    [Classification: Misc activity] [Priority: 3] 
    04/19-09:43:20.987089 192.168.1.4 -> 192.168.1.3
    ICMP TTL:128 TOS:0x0 ID:24149 IpLen:20 DgmLen:60
    Type:8  Code:0  ID:512   Seq:16128  ECHO
    [Xref => http://www.whitehats.com/info/IDS169]
    
    [**] [1:384:5] ICMP PING [**]
    [Classification: Misc activity] [Priority: 3] 
    root@thunder:/var/log/snort#
    but base page is blank. Any idea?
    No idea

    snort logs according to rules. So I am guessing a problems with mysql.

    Quote Originally Posted by tronnix75 View Post
    need help getting the rules downloaded, i use your commands i get a permission denied i typed in this"

    wget http://www.snort.org/pub-bin/downloads.cgi/snortrules-snapshot-2.8.tar.gz
    tronnix : You need to register with snort before you can download rules.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #122
    Join Date
    Oct 2007
    Location
    Cali
    Beans
    69
    Distro
    Ubuntu

    Re: Intrusion Detection

    I am registered with snort and logged in.

  3. #123
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Intrusion Detection

    Well then download the rules

    Notice, they limit how often you can download, I think there is a 10 or 15 minute time out.

    http://www.snort.org/pub-bin/downloads.cgi
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #124
    Join Date
    Oct 2007
    Location
    Cali
    Beans
    69
    Distro
    Ubuntu

    Re: Intrusion Detection

    i will try again. is your guide pretty up to date? i am using ubuntu 8.04 right now and trying to learn more!!

  5. #125
    Join Date
    Dec 2006
    Beans
    242

    Re: Intrusion Detection

    I had a lot of trouble using wget. So I just downloaded the file to my desktop using Firefox, then copied the file to the directory that I wanted like /usr/src/snort or /etc/snort/ .

    Good luck

  6. #126
    Join Date
    Dec 2006
    Beans
    242

    Re: Intrusion Detection

    Hi Bodhi,
    My problem is not mysql. I see alerts there:
    Code:
    mysql> show tables;
    +------------------+
    | Tables_in_snort  |
    +------------------+
    | acid_ag          | 
    | acid_ag_alert    | 
    | acid_event       | 
    | acid_ip_cache    | 
    | base_roles       | 
    | base_users       | 
    | data             | 
    | detail           | 
    | encoding         | 
    | event            | 
    | icmphdr          | 
    | iphdr            | 
    | opt              | 
    | reference        | 
    | reference_system | 
    | schema           | 
    | sensor           | 
    | sig_class        | 
    | sig_reference    | 
    | signature        | 
    | tcphdr           | 
    | udphdr           | 
    +------------------+
    22 rows in set (0.00 sec)
    
    mysql> select * from event;
    +-----+-----+-----------+---------------------+
    | sid | cid | signature | timestamp           |
    +-----+-----+-----------+---------------------+
    |   1 |   2 |         1 | 2009-04-12 15:24:20 | 
    |   1 |   3 |         1 | 2009-04-12 15:24:20 |
    I just do not see them in BASE. I also do not see a sensor. BTW, I did not see anything about us having to install ACID. Did I miss a step? Other procedures I have seen about this, involves installing ACID.

  7. #127
    Join Date
    Oct 2007
    Location
    Cali
    Beans
    69
    Distro
    Ubuntu

    Re: Intrusion Detection

    this part is confusing:
    I mostly copy and pasting but the URL i copy are not correct.


    wget http://www.snort.org/the_rules_you_wish_to_use

  8. #128
    Join Date
    Dec 2006
    Beans
    242

    Re: Intrusion Detection

    If you downloaded snort 2.8.x ( x = whatever revision ), then you want this url:
    Code:
    http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/snortrules-snapshot-2.8.tar.gz
    Bodhi just wrote it that way, meaning you need to select which version or rules matches your snort file.

  9. #129
    Join Date
    Dec 2006
    Beans
    242

    Re: Intrusion Detection

    I think I have an issue with the way I set up the permissions. I see a couple of other posts regarding missing sensor id in mysql, which causes BASE not to show anything. How can I get more information about this and troubleshoot it please?

  10. #130
    Join Date
    Oct 2007
    Location
    Cali
    Beans
    69
    Distro
    Ubuntu

    Re: Intrusion Detection

    thanks for the URL that worked now i went to the next command
    cd snort2.8.3 what does this mean there is no directory for that

    I downloaded that latest snort 2.8.4

Page 13 of 31 FirstFirst ... 3111213141523 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •