Saturday, September 24, 2011

snort alert for system

For this part, we will learn about Snort. If using BackTrack 5 R1, we can find Snort in the menu: backtrack => services => snort services.

First, start Snort. After starting Snort, open a terminal and type "pico /etc/snort/snort.conf".



Now we can edit it like this:

Change var HOME_NET any so that it reads var HOME_NET "your ip".
To finish, press "ctrl+x", then "y", then "enter".

Now we can run Snort.
In the terminal, type "snort -i eth0 -q -c /etc/snort/snort.conf -A console". If we use wireless, we can replace "eth0" with "wlan0".
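
The edit and run steps above as a script, added here as an example (not from the original post): it rewrites only the HOME_NET declaration, keeps a backup, and has Snort test the file with -T before running. The function names and the address 192.168.1.10 are made up for illustration; accepting "ipvar" as well as "var" goes beyond the post and covers newer Snort 2.9 configs.

```sh
#!/bin/sh
# Added example: set HOME_NET without an editor, then test and run Snort.
# All function names here are hypothetical helpers, not part of Snort.

# Accept one IPv4 address, optionally with a /0-32 prefix (assumed format).
valid_home_net() {
    case $1 in
        */*) ip=${1%%/*}; prefix=${1#*/} ;;
        *)   ip=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $ip in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the active (uncommented) HOME_NET value from a config file.
current_home_net() {
    sed -nE 's/^[[:space:]]*(ip)?var[[:space:]]+HOME_NET[[:space:]]+//p' "$1" |
        head -n 1
}

# Rewrite only the declaration line; rules that use $HOME_NET stay untouched.
set_home_net() {
    conf=$1; net=$2
    valid_home_net "$net" || { echo "bad address: $net" >&2; return 2; }
    [ -n "$(current_home_net "$conf")" ] ||
        { echo "no HOME_NET declaration in $conf" >&2; return 3; }
    cp -p "$conf" "$conf.bak" || return 1   # keep the original
    sed -E "s|^([[:space:]]*(ip)?var[[:space:]]+HOME_NET)[[:space:]].*|\1 $net|" \
        "$conf.bak" > "$conf"
}

# Let Snort validate the edited file (-T), then run as in the post.
run_snort() {
    iface=${1:-eth0}; conf=${2:-/etc/snort/snort.conf}
    snort -T -i "$iface" -c "$conf" >/dev/null 2>&1 ||
        { echo "snort -T rejected $conf" >&2; return 1; }
    snort -i "$iface" -q -c "$conf" -A console
}

# Usage (as root): set_home_net /etc/snort/snort.conf 192.168.1.10 && run_snort wlan0
```

If HOME_NET is still "any" or does not match the address of the interface Snort listens on, current_home_net shows it before you start waiting for alerts.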

Our alarm is ready to "ring".
The response if there is an attacker:

-=CMIIW=-






7 comments:

  1. This comment has been removed by the author.

    Replies
    1. maybe you can read these for your reference about your problem :D
      https://groups.google.com/forum/?fromgroups#!topic/snortusers/SqZFDXpH6gU
      http://ubuntuforums.org/showthread.php?t=1362802

  2. I entered this: snort -i wlan0 -q -c /etc/snort/snort.conf -A console
    and all I get is a blinking cursor. I ran nmap and it did not pick
    anything up. Am I doing something wrong?

    Replies
    1. have you set "/etc/snort/snort.conf" with your IP?

    2. I tried it a minute ago; if it is on one operating system it can't work.. so have you tried using nmap on another computer to try the scanning.. and it worked.
