Topic: Need to be schooled on SNORT IPS
jpin
« on: Friday 23 May 2014, 04:13:07 am »

So just installed my first Endian Firewall 3.0. Working OK, but I'm trying to get the IPS up and working. I thought it was working till I noticed it wasn't blocking anything; it was only detecting. My question is: how do you start blocking things? Surely going through every rule and manually changing all of the policies isn't the way. For that matter, I wouldn't know which ones to enable if I did go that route.

Can someone help me understand?
jpin
« Reply #1 on: Wednesday 11 June 2014, 11:25:00 pm »

Nobody knows anything about SNORT IPS on Endian?  Surely I'm not the only one using this?
Ricard
« Reply #2 on: Wednesday 02 July 2014, 01:02:49 am »

- Visit www.testmyids.com and then see your log.

- Check that Intrusion Prevention is active, and then go to Intrusion Prevention -> Snort Editor.
Edit the "/auto/emerging-policy.rules" section, and go to the final pages (12 +/-) until you find the rule "2017015 ET POLICY DropBox User Content Access over SSL".

Check that the rule is active and showing the shield icon. Then try to download this file (or any other belonging to https://dl.dropboxusercontent.com/....):
https://dl.dropboxusercontent.com/s/pgo6ryv8tfjodiv/streaming.sas7bdat

Try checking and unchecking this Dropbox rule yourself, applying the changes, and trying to download that file again. See your logs.


More specific tests:
http://.alijahangiri.org/2012/04/how-to-test-snort-with-penetration-testing-tools/
http://lteo.net//2012/10/26/an-easy-way-to-test-your-snort-rules/

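For the original question about moving many rules from detect to block without editing each one by hand, here is an added example (not from the thread and not Endian's own code) that rewrites the Snort rule action from `alert` to `drop` for rules selected by SID or by `msg` prefix. It assumes standard Snort rule syntax, that Snort runs inline so `drop` actually blocks, and that the shield icon corresponds to the `drop` action. The sample rules are constructed; only SID 2017015 and its message come from the thread.

```python
import re

# An enabled rule line: the action, then header and options containing a sid.
RULE = re.compile(r'^(alert|drop|reject|sdrop|pass|log)(\s+.*?\bsid\s*:\s*(\d+)\s*;.*)$')
MSG = re.compile(r'\bmsg\s*:\s*"([^"]*)"')

def to_drop(rules_text, sids=(), msg_prefixes=()):
    """Rewrite 'alert' to 'drop' on enabled rules selected by SID or msg prefix.

    Commented-out (disabled) rules and rules with other actions are left alone,
    so a bulk change never silently enables a rule that was switched off.
    Returns (new_text, sorted list of SIDs that were changed).
    """
    wanted = {int(s) for s in sids}
    out, changed = [], []
    for line in rules_text.splitlines():
        m = RULE.match(line)
        if m and m.group(1) == "alert":
            sid = int(m.group(3))
            msg = MSG.search(line)
            text = msg.group(1) if msg else ""
            if sid in wanted or any(text.startswith(p) for p in msg_prefixes):
                line = "drop" + m.group(2)
                changed.append(sid)
        out.append(line)
    return "\n".join(out) + "\n", sorted(changed)

# Constructed sample: headers, revs and SIDs 9000001-9000003 are made up.
SAMPLE = '''\
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET POLICY DropBox User Content Access over SSL"; sid:2017015; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY constructed example A"; sid:9000001; rev:1;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY constructed disabled rule"; sid:9000002; rev:1;)
alert udp $HOME_NET any -> any 53 (msg:"ET DNS constructed example B"; sid:9000003; rev:1;)
'''

if __name__ == "__main__":
    new_text, changed = to_drop(SAMPLE, sids=[2017015])
    print(new_text)
    print("switched to drop:", changed)
```

Reviewing the returned SID list before applying the result is the safer workflow, since a rule that false-positives in `alert` mode will break legitimate traffic once it drops.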