Questions tagged [intrusion-detection]

137 questions
0 votes, 1 answer

Snort rule failing to alert to log

I am writing a custom rule for the following exploit: http://www.exploit-db.com/exploits/36100/ I have run the exploit, and the packet I am writing the rule around can be seen here: http://txt.do/cxgb This is the current rule I am using: alert tcp…
0 votes, 1 answer

Snort rule for wing ftp server authenticated command execution

Hi, I'm writing some custom rules for a university project and I wondered if anyone could check my rule for this vulnerability: http://www.exploit-db.com/exploits/34517/ Here is my rule: alert tcp any any -> any 5466 \ (msg: "FTP command execution";…
0 votes, 1 answer

Empty rules in snortrules snapshot

I configured and installed Snort on my Ubuntu 12.04, which also included the Barnyard2 and BASE installation. I am using the downloadable rules on Snort's website, which requires me to sign up there to get the oinkcode. However, after I investigated the…
prameshvari
0 votes, 1 answer

Snort - Trying to understand how this snort rule works

I have an assignment that is requiring me to put the following rule into Snort. drop tcp any any -> 192.168.1.0/24 any (msg:"TCP DoS"; flow: established, to_server; flags:A; threshold: type threshold, track by_src, count 10, seconds 10;) The rule…
Larry
0 votes, 1 answer

using Snort IDS with Webcrawler

I am totally a newbie in the Snort IDS software and the IDS concept, and I need to know if it is possible to detect stealthy malicious web crawlers using Snort. In other words, can I define Snort rules to detect malicious web crawlers?
Essam
0 votes, 1 answer

snort rule: logging access to site containing the word "Malware"

I am trying to create a rule for Snort to basically log any packets once a user tries to access a page with the word "malware" in it. This is what I have; I am just asking for some guidance. So basically, once a webpage contains the phrase it shows an…
ferronrsmith
0 votes, 0 answers

Laravel PHPIDS Include in Every File

I am using the Laravel 4 framework. I recently updated composer.json to include PHPIDS. I read the documentation and understand how to implement it, but is there a quick way to filter ALL of the pages on my site, instead of just one? In short, is…
735Tesla
0 votes, 1 answer

Unable to load rules while testing Snort in test mode on Windows 8

I installed Snort, and while running it the following error appeared on Windows 8: --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file "c:\snort\etc\snort.conf" ERROR:…
chinmay singh
0 votes, 1 answer

Wireless data packet capturing with the help of Scapy

The code that I have tried is as follows: from scapy.all import * def PacketHandler(pkt) : if pkt.haslayer == 2 and pkt.subtype==0: if pkt.haslayer(IP) : ip=pkt.getlayer(IP) print ip.dst if…
user3292475
0 votes, 3 answers

Snort - Error while running

Running Snort (in packet dump mode) with the command sudo snort -C snort.conf -A console -i eth0, the following problem occurred: --== Initializing Snort ==-- Initializing Output Plugins! Snort BPF option: snort.conf pcap DAQ configured to passive. The…
user2841047
0 votes, 1 answer

Signature based NIDS regex matching

I am trying to build a signature-based intrusion detection system, but when matching regexes against payloads I encountered an expression beginning with a caret ^, which means "match at the beginning of a line" in regular expressions. What I wanted to be…
ashish
0 votes, 1 answer

SQL Injection attack testing dataset

There are some web-based IDSs which improve the security of web applications against SQLIA attacks. One of them is PHP-IDS. I made some changes to the working algorithm of this IDS and now I want to test the performance of both my model and PHP-IDS and…
Amir Sa
0 votes, 1 answer

KDD Cup 1999 dataset: how to use it in Visual Studio 2010

I downloaded the KDD99 dataset here: http://archive.ics.uci.edu/ml/machine-learning-databases/kddcup99-mld/kddcup99.html After unzipping I tried to open it using a datagrid in VS 2010 but it didn't work; I tried different software but none seems to work.…
0 votes, 1 answer

Is there any way to get honeypot log files?

I am developing a project which is related to honeypots. My problem: is there any way to get open source honeypot log files? If it is possible, please provide a link or give any suggestions.
user
0 votes, 1 answer

OSSEC selective monitoring versus complete system monitoring?

I'm using an OSSEC configuration on a web server which is hosting a very critical application for my organization. I want to know how I can use OSSEC to monitor changes to the system. I'm new to using OSSEC, but common sense says if I'm…
asadz