[IPS/IDS ] Snort 3 Plus - Installation - 32x - 64x bits

 

Cisco to release flying pig - Snort 3.0 • The Register 

     Snort 3 is a intrusion detection and prevention tool made by Cisco Talos, free and open source, one of my favorite to work with, got a simple installation and configuration compared to some others.

   Here is a quick run and installation From GIT Repo to Debian / Ubuntu 32-64 Bits.




##################################################

After everthing get done, type:

nano /etc/snort/snort.lua   

Here the configuration must be set the same of older versions of Snort eg.:

Note: Change the declaration for EXTERNAL_NET to !$HOME_NET – this expression means the external network will be defined as any IP address that is not part of the home network. Important! If you leave HOME_NET declared as “any” you cannot use !$HOME_NET, as the expression will translate to “not any” and throw an error when you try to start Snort. 

Noticed: the new conf seens the same at inserting new RULES, so, lets start setting it at /etc/snort/rules/myrules.lua  




Comments

Post a Comment

Popular posts from this blog

Get Info From DNS Servers and Active Hosts

Image
      Get the Authority Dns Reverse Servers with a nice tool called Whois ; so then you can start a passive gathering from Multiples Hosts in a file caught by your IDS or IPS blacklist or from some secure source database on web , either if it has 80.000 hosts file , turning it into a powerful tool with pv and grep to your toolkit.   pv is a monitor to progress of data through a pipe or source, same as a more common tool DD, but pv offers some more options to Show Progress and Monitor  data transfer. Here, I'm using grep followed with -H to bring the Source File Name and -f option to insert a match list  in a file named Matchfile. apt-cache search whois # also check other tools as dmitry # Check WHOIS Flags Enabled :                     '-a' = All mirrored databases.                    '-d' = Return the Reverse DNS delegati...
Read more

Nmap Scan Your Home Network [Linux]

Image
       To those that are new in Security Information, here is one of most popular tool which you can't left out of your toolbox.       I made this script to introduce you  Acknowledgment  scan, which grap FLAG status  from target host in the first defaults ports (1-1024) which are some of most important ports.      The OSI Protocol was made to have from 0-65535 ports (tcp/udp), you can have the additional in yout amazing SCAN ports with same script just add "-p": eg: nmap --scripts=default -p 1-65535      The "scripts=default means the  nmap is going  to activate the options "-O" and "-A" for OS (Operation System), what ever it is! And  grap  banner fingerprint from deductions or most its acctual OS running at the target and activating Advanced Scan that also makes injection of scripts to probe the data from Firawall / IDS / IPS scope. # I've also brought graphical map of som...
Read more

IDS (Intrusion Detection System) - Snort 2.9 [Linux Deb/Ubuntu]

Image
  What is Snort?      Snort is the foremost Open Source Intrusion Detection System (IDS) in the world. Snort IDS uses a series of rules that help define malicious network activity and uses those rules to find packets that match against them and generates alerts for users.      Snort can be deployed inline to stop these packets, as well. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike. (apud: https://www.snort.org/)      After digging made this script to make life more easier, you may just [ apt install snort -y ] to verify if your REPO got everything before, if it doesn't work, just copy and run the first script out of three: [1] Install from tarball file manually  [2] Makes Configuration ...
Read more