Saturday, September 24, 2011

snort alert for system

for this part, we will learn about snort. if using backtrack 5 r1, we can find snort in menu backtrack => services => snort services.

first, start snort. after start snort, open terminal, and type "pico /etc/snort/snort.conf "



now, we can edit like this :

edit var HOME_NET any, to be like this var HOME_NET "your ip".
to finish, press "ctrl+x", "y" and press "enter".

now we can run snort.
in terminal we can type "snort -i eth0 -q -c /etc/snort/snort.conf -A console" if we use wireless, we can change "eth0" with "wlan0".

our alarm ready to "ring".
the respond if there is an attacker :

-=CMIIW=-






Posted by at
Labels: , , ,

7 comments:

  1. Trojan - Akakom - S1 :1. Galih Pratomo 10042 2. Dion arya PamungkasSeptember 26, 2011 at 7:51 PM

    dre ajari quu yg muu bsa,,,

    ReplyDelete
  2. OnyiingSeptember 28, 2011 at 1:21 AM

    using english please.. :P

    ReplyDelete
  3. UnknownJuly 6, 2012 at 9:12 PM

    This comment has been removed by the author.

    ReplyDelete
    Replies
    1. OnyiingJuly 6, 2012 at 9:32 PM

      meybe you can read it to your reference about your problem :D
      https://groups.google.com/forum/?fromgroups#!topic/snortusers/SqZFDXpH6gU
      http://ubuntuforums.org/showthread.php?t=1362802

      Delete
  4. UnknownJuly 6, 2012 at 9:36 PM

    I entered this snort -i wlan0 -q -c /etc/snort/snort.conf -A console
    and all i get is a blinking cursor i ran nmap and it did not pick any
    thing up am i doing something wrong?

    ReplyDelete
    Replies
    1. OnyiingJuly 6, 2012 at 9:45 PM

      did you have been setting "/etc/snort/snort.conf" with your ip?

      Delete
    2. OnyiingJuly 6, 2012 at 10:11 PM

      i has been tried it a minute ago, if on one of operating sytem it can't be worked.. so are you have been try to using nmap on another computer to try the scanning..and it's worked.

      Delete

Subscribe to: Post Comments (Atom)