Hello,
I have to deploy a Snort based intrusion prevention system.
I am a total newbie in this, so any kind of help, references for starters would be highly appreciated.
Also, the Snort documentation talks about the Honeynet Snort Inline Toolkit, but the available link to it is returning 404. I checked it on Honeynet but couldn't find it.
Als...
I am trying to create a rule for Snort to basically log any packets once a user tries to access a page with the word "malware" in it. This is what I have, just asking for some guidance. So basically once a webpage contains the phrase it shows GO CRAZY!!!!!!!
alert tcp any any -> any any
(content:"malware"; msg:"Someone clone
is accessin...
Right, well I'm working on an IDS using Snort, to be run on the client side. At the moment I'm trying to create alerts when certain FTP commands are issued, and yet it does not seem to catch them. The rest of my rules file is fine and works for detecting portscans and logins to Facebook. Here's what I've done:
preprocessor sfportscan: prot...
Hi.
I'm working on the DARPA 1998 intrusion detection dataset.
When I run Snort on this dataset (outside.tcpdump file), Snort doesn't generate the complete list of alerts. It means Snort starts from the last few hours of the tcpdump file and generates alerts about this section of the file, and all of the packets in the first hours are ignored. Another problem in generat...
Hi all,
I would like to know, is there a conversion library for converting string patterns to PCRE regular expression patterns?
Sample Patterns:
application/ms-tnef ARKADMIN_GET_ 34 ^MAIL FROM|3a| ?
2|
Thanks in advance.
...
Having a problem with parsing Snort logs using the pyparsing module.
The problem is with separating the Snort log (which has multiline entries, separated by a blank line) and getting pyparsing to parse each entry as a whole chunk, rather than read in line by line and expecting the grammar to work with each line (obviously, it does not.)...
Hi all. I have been working with Snort IDS. I have got some log files at /var/log/snort.
The files are of type snort.log.xxxx. How do I view this file?
...