Snort is an open source network intrusion detection system.
0 votes, 0 answers, 18 views
How to add wildcards to a Snort rule IP address?
Is it possible to add wildcards, or something that would function like them, to a Snort IP address?
For example:
If I'd like to detect source-ip of: 192.168.*.9
where the third octet can be anything in ...
3 votes, 1 answer, 66 views
COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
I have installed Snort IDS and most alarms are:
"COMMUNITY SIP TCP/IP message flooding directed to SIP proxy"
And I use a home DSL Internet connection; should I be worried about this alarm?
I have ...
2 votes, 1 answer, 115 views
Snort (IDS) doesn't show port scans
I have installed Snort & acidbase following these instructions and access it through this local address
127.0.0.1/acidbase/base_main.php
The problem is that after scanning it with nmap using this command
sudo ...
1 vote, 1 answer, 96 views
snort ignores packets with matching src/dest IP address
This is my rule:
alert udp 192.168.1.1 4000 -> 192.168.1.1 7000 (msg:"This rule doesn't work"; sid:1234567;)
I am running snort against a precaptured packet file where there are UDP packets that ...
0 votes, 0 answers, 118 views
Snort parallelization techniques and their effect on DDoS detection capability
I want to ask a question about Snort parallelization.
1) Can the Snort detection rate remain the same for all attacks after parallelisation?
2) As the parallelisation of network traffic in each core is based ...
3 votes, 1 answer, 163 views
Are Kismet (on OpenWRT) and Snort IDS (on a Linux server) compatible?
I'm trying to develop an IDS/IPS system project to include these elements:
A router running OpenWRT running Kismet drone (Attitude Adjustment 12.09rc1)
A Linux server (Running Kismet server + client)
...
1 vote, 1 answer, 106 views
Snort, add TCP retransmission rule
Can somebody help me with adding a rule for packet retransmission?
I found some documentation about the Snort rules, but I am confused about how to use it. The rules which catch the packet retransmission ...
5 votes, 1 answer, 225 views
Setting up home lab with Snort and Vyatta - looking for resource recommendations or advice
I'm looking to turn a new desktop (Ubuntu 12.10-64bit) I built into a virtual home lab for testing and experimenting with various security things. The first setup I would like to try running is the ...
1 vote, 2 answers, 133 views
What type of data does Snort log?
This is new to me, but what types of data does Snort log for Network Intrusion Detection?
I am guessing time stamp, source IP address, destination IP address, source port, destination port, protocol. ...
1 vote, 1 answer, 140 views
Are there any test cases to ensure the “web-attacks.rules” snort file works correctly?
I have set up a free evaluation Confluence Server on my local host and have configured "snort.conf" to point to my localhost as the "HOME_NET" environment variable.
I tried to test the ICMP rule by ...
1 vote, 1 answer, 178 views
How to write Snort rules based on MAC address?
I would like to create Snort rules based on MAC addresses instead of IP addresses. Most devices on the network are DHCP assigned, and I would like to ignore certain traffic (ex: Dropbox) for some ...
0 votes, 0 answers, 80 views
Swatch installation issue for detecting intrusions
I have installed snort and I want to use the swatch tool to send me an email when it detects something going wrong. I am using OSX and I followed the installation guide: ...
0 votes, 1 answer, 243 views
Why aren't anomaly-based intrusion detection schemes implemented in Snort?
I have read many papers on anomaly-based network intrusion detection. Am I correct that each of their techniques could be implemented as a Snort preprocessor? If this is true, why are there no anomaly ...
0 votes, 3 answers, 381 views
Using an IPS as an alternative to mod_security
I am considering deploying mod_security as an addition to our web infrastructure. I am worried about the increased load, however, as these servers get a lot of hits. I am considering using IPSs such ...
2 votes, 2 answers, 169 views
Enterprise IDS - Deployment & Uses
I am investigating deploying the Snort IDS for an enterprise environment. This environment consists of a NOC that manages several servers, mainly internal but some internet facing. There are several ...