Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 08:30:37 am

Login with username, password and session length

Visit the Official Endian Bug tracker  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  The invisible work of system Snort!
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: The invisible work of system Snort!  (Read 12987 times)
andriser
Jr. Member
*
Offline Offline

Posts: 7


« on: Monday 02 July 2012, 11:59:26 pm »

Somehow, Snort does not fix the log-files attacks, port scanning and intrusion for at least RED-interface (external IP)!
Neither the log nor in the web-interface ... Log-file "/var/log/snort/alert" is completely empty! This is the GUI or the Console to configure? In the rare times the log recorded the attack, but only those that are inside ...

While all of this Snort detects and prevents at least a port scannig, when applied to your gateway to the following commands from the external network:

nmap xx.xx.xx.xx
nmap -A -T5 -PN xx.xx.xx.xx
sudo nmap -O xx.xx.xx.xx
nmap -sV -PN xx.xx.xx.xx
nmap -A xx.xx.xx.xx
sudo nmap -sS -p- -PS80,22 -n -T4 -vvv --reason xx.xx.xx.xx
nmap -sV -PN -p80 xx.xx.xx.xx
Logged
andriser
Jr. Member
*
Offline Offline

Posts: 7


« Reply #1 on: Thursday 05 July 2012, 03:56:21 pm »

Got to work IPS and IDS-system Snort, adding the sensor to the external IP of Endian-gateway. That is, now two sensors are configured - one on the surveillance of the local, the other for external interfaces. Wink

The contents of the file "/etc/snort/vars.tmpl":

"var HOME_NET [$HOME_NET,xx.xx.xx.xx]
var DNS_SERVERS [$DNS_SERVERS]
"

, where xx.xx.xx.xx - external IP of my Endian Firewall
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com