Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 23 November 2024, 02:34:03 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14258 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Need to be schooled on SNORT IPS
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Need to be schooled on SNORT IPS  (Read 11063 times)
jpin
Full Member
***
Offline Offline

Posts: 11


« on: Friday 23 May 2014, 04:13:07 am »

So just installed my first Endian Firewall 3.0.   Working ok, but I'm trying to get the IPS up and working.   I thought it was working till I noticed it wasn't blocking anything it was only detecting.   My question is how do you start blocking things?  surely going through every rule and manually changing all of the policies isn't the way.  For that matter I wouldn't know which ones to enable if I did go that route.   Huh

Can someone help me understand?
Logged
jpin
Full Member
***
Offline Offline

Posts: 11


« Reply #1 on: Wednesday 11 June 2014, 11:25:00 pm »

Nobody knows anything about SNORT IPS on Endian?  Surely I'm not the only one using this?
Logged
Ricard
Full Member
***
Offline Offline

Posts: 11


« Reply #2 on: Wednesday 02 July 2014, 01:02:49 am »

- visit  www.testmyids.com  and then see your log

- check the Intrusion Prevention is active,  and then go the Intrusion Prevention ->Snort  Editor
Edit "/auto/emerging-policy.rules" section, and then go until the final pages (12+-) until your find the rule "2017015 ET POLICY DropBox User Content Access over SSL"

Check that rule is active and showing the shield icon. Then try to download this file (or any other belonging to https://dl.dropboxusercontent.com/....)
https://dl.dropboxusercontent.com/s/pgo6ryv8tfjodiv/streaming.sas7bdat

Try yourself checking and unchecking this Dropbox rule, applying changes, and trying again to download that file.  See your logs.


More specific tests:
http://.alijahangiri.org/2012/04/how-to-test-snort-with-penetration-testing-tools/
http://lteo.net//2012/10/26/an-easy-way-to-test-your-snort-rules/

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com