Installing Snort
IIS double encoding vuln
Flip backslash to slash
Include additional whitespace separators
Ports to decode http on: 80
rpc_decode arguments:
Ports to decode RPC on: 111 32771
telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119
Conversation Config:
KeepStats: 0
Conv Count: 32000
Timeout : 60
Alert Odd?: 0
Allowed IP Protocols: All
Portscan2 config:
log: /var/log/snort/scan.log
scanners_max: 3200
targets_max: 5000
target_limit: 5
port_limit: 20
timeout: 60
1273 Snort rules read...
1273 Option Chains linked into 133 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: >activation >dynamic >alert >pass >log
== Initialization Complete ==
*> Snort! <*
Version 1.9.0 (Build 209)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
As you can see from the previous output, Snort has started listening on interface
eth0. When a packet matches a rule, Snort takes the action that rule specifies and
generates an alert. Alerts can be generated in different forms; with this basic
setup, they are logged in the /var/log/snort/alerts file.
Later on you will see how to generate alerts in other forms and log them to a database.
You will also learn later about the format of the alert data files that Snort generates.
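The startup output above can also be checked mechanically, so that a sensor that came up with fewer rules or a missing decoder port is noticed before it is relied on. The following is an added example, not code from the book or from Snort; the function names and the baseline values passed to check_startup are assumptions, and the sample text is a subset of the lines shown above.

```python
import re

# Subset of the Snort 1.9.0 startup lines shown above, embedded as sample input.
SAMPLE = """\
Ports to decode http on: 80
Ports to decode RPC on: 111 32771
Ports to decode telnet on: 21 23 25 119
Portscan2 config:
log: /var/log/snort/scan.log
target_limit: 5
port_limit: 20
1273 Snort rules read...
1273 Option Chains linked into 133 Chain Headers
== Initialization Complete ==
"""

def parse_startup(text):
    """Extract decoder ports, portscan2 settings, rule count and init status."""
    info = {"ports": {}, "portscan2": {}, "rules": None, "initialized": False}
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Ports to decode (\w+) on:\s*(.*)", line)
        if m:
            info["ports"][m.group(1).lower()] = [int(p) for p in m.group(2).split()]
        elif line.lower().endswith("config:"):
            section = line[:-len("config:")].strip().lower()
        elif (m := re.match(r"(\d+) Snort rules read", line)):
            info["rules"], section = int(m.group(1)), None
        elif "Initialization Complete" in line:
            info["initialized"] = True
        elif section == "portscan2" and ":" in line:
            key, value = (s.strip() for s in line.split(":", 1))
            info["portscan2"][key] = int(value) if value.isdigit() else value
    return info

def check_startup(info, expected_ports, min_rules):
    """Return a list of problems; an empty list means the baseline is met."""
    problems = []
    if not info["initialized"]:
        problems.append("initialization did not complete")
    if info["rules"] is None or info["rules"] < min_rules:
        problems.append(f"only {info['rules']} rules loaded, expected >= {min_rules}")
    for proto, ports in expected_ports.items():
        missing = sorted(set(ports) - set(info["ports"].get(proto, [])))
        if missing:
            problems.append(f"{proto} decoder not covering ports {missing}")
    return problems
```

Capture the text Snort prints at startup and pass it to parse_startup; a non-empty list from check_startup means the running sensor differs from the baseline you expected.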
You can terminate the Snort session at any time by pressing the Ctrl and C keys
simultaneously. Snort will then display a summary of its activity and quit.
A typical summary is as follows: