I'm in the process of configuring DFS. I've done it before, but we've had issues with the various firewalls and IPS units in between the branch offices.
So, for 500 points, I'd like to know EXACTLY which ports DFS uses when you are running...
I have bought a Cisco ASA 5510 firewall and am trying to use ASDM to configure it. After powering on the firewall, I entered the URL https://192.168.1.1 and the web page asks for the username and password. The instructions on the Cisco web site say to...
I get a call from a user stating that they can't log on because their security log is full. I save the log, then clear it. I get another call from a different user with the same problem the next day. I get yet a third call the next day, same problem,...
Hi,
I have threat detection configured and I want to shun scanning attempts. In order to enable shun, it seems I have to first disable threat-detection scanning-threat and then re-enable it with "threat-detection scanning-threat shun"; however...
I want to implement Snort on a virtual server. Is Snort available as a virtual appliance? If so, where can I get it?
Hi experts, I'm very new to ASA 5510 configuration (I use the ASDM GUI mainly). Here's my problem as clearly as I can explain it:
I can access ASDM for the firewall management via VPN, but I cannot access the IPS tab to manage the SSM-10 module. I...
I am getting a crazy amount of alerts in snort. Most of which is known good traffic. I don't just want to comment out the rules that are giving me a lot of alerts because then the rule won't be active anymore. I hear a lot about fine tuning...
I'm looking for information on testing/comparison between Juniper IDP and TippingPoint IPS. Links to any websites, white papers or personal experiences would be highly appreciated. We have compared both by trial, but I would also like some second...
Dear Experts:
I recently installed and configured Snort, and it is working successfully. I also installed barnyard-0.2.0 and copied barnyard.conf to /etc/snort/barnyard.conf; I have attached /etc/snort/barnyard.conf for your reference.
1. Please...
Ok, so my parent company's IT director came to me today and stated that he received a call from our ISP today stating that they are noticing quite an outflux of "spam" messages coming off of my network. They told him the external IP address, as...
I installed Snort on Ubuntu 11.10 with the software manager tool and apt-get, but cannot find it to launch it.
Does anybody know the command to launch Snort, or the commands to run it?
Thank you....
I need to do some stress testing on my server. Where can I find some DoS attack source code?
We purchased a RSA SecurID Appliance (130) it is missing the user guide. Can anyone provide it, or link me to it?
After configuring some of my event sensor settings I got an error and could not get back into the IPS sensor using ASDM for configuration. It's been working great for months until now. After I put in my username and password for the IPS it tries...
Hello All,
I keep getting this error every 15 minutes for a Windows 2000 Server SP4:
05/06/2008 10:10:40.624 - Alert - Network Access - Malformed or unhandled IP packet dropped - 10.1.1.22, 0, LAN, QUAD_CAM - 224.0.0.17,...
Over the period of about a month, all our VPN laptops seem to be getting infected with what must be a rootkit of unknown origin. McAfee, SpyBot and SpySweeper can't seem to find any bugs, but our IDS has been alerting me to these symptoms: ICMP...
I want to filter traffic from 2 IP addresses:
192.168.10.3
192.168.20.4
How can I do this?
I have noticed that I'm getting signature alerts with a signature Id 6061 (DNS InfoLeak-UDP) on my IPS module. It looks like the attacker shows as one of my domain controllers with a target of an IP address of 192.168.1.4 over port 123. I know...
Hi Experts,
I'm trying to track URLs and pages visited and log them to a MySQL database. I currently have Suricata and Barnyard2 running. I think the easiest way to do this is with a new rule for Suricata to log that part of the header. How...
We are looking for a type of SIEM / syslog tools which could do the following:
1.) Gather information from different systems, applications and appliances (cisco, barracuda, Checkpoint, etc...).
2.) Will provide correlation of logs but mainly...
Hi,
I am running SLES 11 SP1 and trying to install snort 2.9.05.tar.gz.
I went to the Snort site, grabbed daq-0.5.tar.gz and installed it.
After I try to install Snort by running "./configure" I get an error:
ERROR! daq_static library not...
Greetings,
I am trying to configure a rule in the local.rules file to capture DNS queries for malwaresite.ru. The following rule is not working
alert udp any any <> any 53 (msg:"DNS request of bad URL"; content:"malwaresite.ru"; sid:1232313;)...
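An added example, not part of the original post, that models why a literal content match such as the one above never fires: Snort's content option is a raw byte search, and in a DNS query the name is not sent as "malwaresite.ru" but as length-prefixed labels (0x0b "malwaresite" 0x02 "ru" 0x00), so the dot never appears on the wire. The function names, the toy matcher and the sample domains are assumptions for this illustration; it is not Snort's own code.

```python
import struct

# Added example (not from the original post): models why a Snort
# content:"malwaresite.ru" match fails on a DNS query. Function names
# and the sample domains are assumptions chosen for this illustration.

def encode_qname(name: str) -> bytes:
    """Encode a domain name in DNS wire format: <len><label>...<0x00>.
    The dots never appear on the wire; each label is prefixed by its length."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_dns_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build the UDP payload of a standard DNS query (header + one question)."""
    # id, flags (RD set), qdcount, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # qtype, class IN


def snort_content_to_bytes(pattern: str) -> bytes:
    """Turn a Snort content string into raw bytes. Text between |pipes|
    is hex (e.g. "|0b|malwaresite|02|ru"); everything else is literal ASCII."""
    out = b""
    for i, part in enumerate(pattern.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("ascii")
    return out


def content_matches(payload: bytes, pattern: str, nocase: bool = True) -> bool:
    """Simplified model of a Snort content match: a raw byte substring search."""
    needle = snort_content_to_bytes(pattern)
    if nocase:
        return needle.lower() in payload.lower()
    return needle in payload


def check_rule_patterns(qname: str) -> dict:
    """Evaluate the literal pattern from the posted rule and the label-encoded
    form against a DNS query for qname."""
    payload = build_dns_query(qname)
    return {
        "literal": content_matches(payload, "malwaresite.ru"),
        "encoded": content_matches(payload, "|0b|malwaresite|02|ru"),
    }


if __name__ == "__main__":
    for q in ("malwaresite.ru", "cdn.malwaresite.ru", "notmalwaresite.ru"):
        print(q, check_rule_patterns(q))
```

The encoded pattern also matches subdomain lookups (cdn.malwaresite.ru) because the label sequence is a suffix of the encoded name, while a lookup for notmalwaresite.ru does not match because the byte before "malwaresite" is "t", not the length byte 0x0b. In a real rule that translates to content:"|0b|malwaresite|02|ru"; nocase; plus a rev: field, which the posted rule also lacks.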
Hi,
I have a problem with CAM/CAS: all users cannot log in / access their computers because the Clean Access Manager certificate has expired, and I cannot access the CAS either because of the same issue. Can I re-certify them (CAM/CAS)? And can you...
Ran a Belarc program and it showed a wireless Netgear on my LAN but I can't find it anywhere. I want to track it down but don't know how. I was able to get its IP and physical address but nothing else. Is there a way to effectively block it by GPO...
Scenario: I have a Cisco ACS ver 5.1, Cisco WLC 5508, Cisco AP 1140 (lightweight) and an end user laptop.
Req: When the laptop user tries to access the wireless network via the AP, he should be authenticated via the ACS 5.1.
Is it possible? If...
I am trying to tune my new Snort box. I am getting a number of false positive alerts related to the http_inspect preprocessor. The alerts are associated with outgoing traffic from my users going to various websites and not incoming traffic to...
Dear,
We have more than 300 client PCs in our network. All PCs have Symantec Endpoint Protection installed, with centralized control from Symantec Endpoint Protection Manager.
We notice there are some PCs which keep sending attacks to all client...
I have 1 server and I want to stop attacks on it (like DoS).
I already installed Snort as an IDS, but how do I make it become an IPS (Snort + iptables)?
Thanks in advance!
Hi,
We use snort 2.8.5 for inbound and outbound vulnerability monitoring and it is doing a very nice job for us. But the company that hosts our website complains that an attack is being generated from our network to its web server. Even though we are closely...
Hi
I am having a number of logon failures on our SBS 2003 server with odd usernames, happening in the early hours of the morning. It looks like someone is occasionally trying to log into the server, but it must be remote, going by the time of...
Hi, I've installed Snort on Centos, and have it running successfully. Only thing is that in BASE, I don't see any alerts even though I've thrown nmap traffic around the LAN, and even at the snort box itself. I'm running this in VMWare where the...
I am tasked with configuring an intrusion prevention module on a Cisco ASA 5510 firewall. This firewall is currently in production but the IPS module has not been enabled yet. I need someone with some experience in this area to give me some...
How many WAN interfaces can you configure on a Sonicwall NSA 3500 Firewall? It is using Enhanced OS SonicOS Enhanced 5.2.0.1-21
Does anyone know if the Nessus client for Windows is still available (even in beta form)?
If I go here:
http://nessuswx.nessus.org
it tells me "NessusWX has been discontinued. Please use NessusClient 3.x instead." and the link points to...
HI,
I have question on Port Spanning on a Cisco 2960 switch. I want to monitor a port on a switch and I want both incoming and outgoing traffic on that port. In the past on other switches I just setup port mirroring and I used Wireshark to...
Hello,
Getting packetfence-zen loaded onto an ESXi server.
I have the vSphere client connected to the server and am able to create virtual machines, no problem.
I've downloaded the packetfence-ZEN (zero effort NAC) Zip and extracted it. ...
I have been tasked with installing a configuring a Snort IDS/IPS machine on my network. I am new to IDS/IPS all together and want to make sure I have the basics down before I get started. Below, you will see a current diagram of my network. I...
Hello,
I'm concerned about "sites probing my server" - could a security expert please review the log below and advise on what to do?
When I enter one of the URLs directly on my browser:
...
Hi all, I recently bought an IDS 4215 on eBay, and I want to upgrade it to 6.0. It was 5.0; I upgraded to 5.1 without trouble, but can't upgrade to 6.0.
If I boot into ROMMON and get a 6.0E1 image file via TFTP, I get a kernel panic: not enough...
I currently have snort installed on my network as an IDS. I need to figure out how to turn this IDS into an IPS. I am looking into snortsam for this. I don't want to use snort inline because I can't restructure my network. I like snortsam...
Hello, we have a SonicWALL Pro2040 and Pro200. We are looking for a reseller for replacement of the 200 and possibly the 2040. We also want maintenance and IPS for the 2040. It seems useless trying to get to a reseller from the SonicWALL web site,...
I just setup a snort and snort report on ubuntu using the following document:
http://www.snort.org/asset
There isn't any data populating in Snort Report. I'm new to Snort and don't know what to look for. ...
I am new to snort and am researching ways of installing snort as an IPS so it will drop malicious traffic. I am looking for a guide on how to install snort in inline mode and haven't really found anything. I have found a few guides on...
I have minimal experience with linux and was looking for a pre-configured VM with snort + a gui interface. I saw a link to one that was set up by the snort team here:
http://infosecond.blogspot
But...
Hi
I know why Snort is blocking the IPs,
but I am a little bit confused about the source port and destination port for this attack.
Have a look at the 2 logs below:
15 2 UDP ET RBN Known Russian Business Network IP UDP (238) Misc...
Hello,
I am aspiring for an Information Security Managerial role. I have been working on technical part all this while and never attended a management interview. Can you give some input on what kind of question can be asked during a CISSP or...
I would like to know the advantages & disadvantages of IDS related to its features.
What IDS can offer & what IDS can not offer ?
For a Snort installation, what is the correct topology? Should this reside right behind the outbound interface only, or should it have an interface on each subnet?
I am new to Snort, I followed the instructions on this url: https://wwwx.cs.unc.edu/~h
All went well, Snort is running well and I am having many Snort alerts in the BASE and terminal.
Snort 2.8.4.1 and Barnyard2...
HI
I really don't know what to do with the image file.
I have downloaded
pfSense-1.2.3-RELEASE-512m
and tried with Nero 9 to burn the image file. Both of them burned OK, but none of them...
My company network is protected by a Cisco PIX 501 firewall/router. I recently found that many users use BT software on the network to download/upload large amounts of data, which affects the performance of the whole network. Which ports should I block for the BT...
I have a Watchguard XTM510 running Fireware XTM 11.2.3, I have set up a logging and reporting server (on the same computer) but only some reports have data. For example, the "Denied Packets Summary" report works fine, but the "Top Clients by...
Hi, I have a Cisco IDS 4215 with no password and no CD. Can I recover the password for this device, or can I clear the configuration and set a new password? The only prompt I get on bootup is the "login:" prompt; then, whatever I enter brings...
We have a new Lenel OnGuard access control system. We just purchased a new batch of cards and they sent us a different Facility Code along with a different bit format (26 bit). I added a new card format but it still says invalid card format. Does...
We deployed some 2008 servers in the past with the wrong license and now some of them are losing their activation. I can use the slmgr.vbs script to capture individual server status but need to find a way to query all my servers. There are...
I am one of the network analyst with my company and I have been seeing an increase in web proxy use and I'm hoping to get some kind of help. Right now the only way I can find someone browsing the Internet via a proxy is by taking the IP address...
Hi All
We are going to implement an IPS solution in our company and we have a comparison between 3 major players in the market:
1- Juniper IDP
2- Tipping Point
3- McAfee
So, any advice on which one is the best to select and which model we should get...
Hello Experts,
I have very strange issue with Fortigate 50b IPS.
I have a Kerio Connect mail server in my company. Yesterday I created a firewall policy for it with ports as explained; my problem is custom services/ports. I have created...
How do I set up Snort to prevent ARP spoofing?
Hello,
I am having some DFS issues and have narrowed it down to a windows firewall issue. When the firewall is on I cannot connect to the share and FRS does not work between two different shares. When the firewall is off, I can connect to...
Need help with this event from TippingPoint UnityOne:
5300: DNS: Suspicious Localhost PTR Record Response
Can anyone tell me what exactly it means?
Hi Guys,
My company is looking at purchasing a firewall. We have zoomed in on the following 2 products:
1) fortigate-100A
2) Juniper SSG 20
Which one would you guys recommend? Please do not compare by pricing, but more on antivirus,...
Hi
I have a pfSense firewall with Snort installed.
I see this kind of log:
7 2 UDP ET RBN Known Russian Business Network IP UDP (238) Misc Attack 192.168.1.67 34358 -> 82.146.55.35 53 1:2406475:193 09/09-12:19:02
8...
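An added example, not part of either post, that serves both the source/destination port question above and the pfSense log shown here: it parses alert lines in that layout and works out which side opened the connection. The "ET RBN Known Russian Business Network IP" signatures are IP reputation rules, so they fire on the address pair alone; the ports are what tell you that the internal host made an outbound DNS query (high ephemeral source port, destination port 53) rather than being attacked. The regex, function names and the second, inbound sample line are assumptions constructed for this illustration.

```python
import ipaddress
import re

# Added example (not from the original posts): parses alert lines in the
# layout shown above and works out which side initiated the connection.
# The regex, function names and the second (inbound) sample line are
# assumptions constructed for this illustration.

ALERT_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d+)\s+"
    r"(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)"
)

# Constructed sample lines: the first is the pfSense/Snort line quoted in the
# post above; the second is a made-up inbound SSH scan for contrast.
SAMPLE_LINES = [
    "7 2 UDP ET RBN Known Russian Business Network IP UDP (238) Misc Attack "
    "192.168.1.67 34358 -> 82.146.55.35 53 1:2406475:193 09/09-12:19:02",
    "9 2 TCP ET SCAN Potential SSH Scan 82.146.55.35 44321 -> 192.168.1.10 22 "
    "1:2001219:19 09/09-12:20:05",
]


def parse_alert(line: str):
    """Pull the 5-tuple and gid:sid:rev out of one alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "sig": "%s:%s:%s" % (m["gid"], m["sid"], m["rev"]),
        "msg": line[:m.start()].strip(),
    }


def classify(alert: dict) -> dict:
    """Direction from RFC 1918 membership; initiator from which side uses
    the well-known (service) port versus an ephemeral one."""
    src_private = ipaddress.ip_address(alert["src"]).is_private
    dst_private = ipaddress.ip_address(alert["dst"]).is_private
    if src_private and not dst_private:
        direction = "outbound"
    elif dst_private and not src_private:
        direction = "inbound"
    elif src_private and dst_private:
        direction = "internal"
    else:
        direction = "external"
    # Heuristic: the side on a port below 1024 is the service; the side on a
    # high ephemeral port is the client that opened the connection.
    if alert["dport"] < 1024 <= alert["sport"]:
        initiator, service_port = alert["src"], alert["dport"]
    elif alert["sport"] < 1024 <= alert["dport"]:
        initiator, service_port = alert["dst"], alert["sport"]
    else:
        initiator, service_port = "unknown", None
    return {"direction": direction, "initiator": initiator, "service_port": service_port}


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        alert = parse_alert(line)
        print(alert["sig"], alert["msg"], classify(alert))
```

For the quoted line this yields direction "outbound", initiator 192.168.1.67 and service port 53: the internal host asked a listed IP for DNS, which is the behaviour to investigate on that host (resolver settings, malware) rather than on the firewall. The heuristic is only as good as the port split; peer-to-peer traffic on two high ports comes back as "unknown" on purpose.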
My firewall logs an outbound connection to 80.64.58.95 on port 9997. My searching only tells me that port 9997 is palace-6 but I have no clue what that is. Is this a protocol? Virus? some weird webservice? Am I unknowingly sharing files or...
I downloaded Snort for Windows at the URL below and installed it on a laptop just to get familiar with it. The instructions in the Getting Started section of their manual are not clear to me. What do I need to do to, say, do a basic sniff of the...
I just used the below guide to help me install Snort 2.9.0.5 on Ubuntu 10.04 LTS:
http://www.snort.org/asset
I painfully got through the installation and got to the part where it's time to see if Snort will...
I'm wondering if I can use a Snort and ASA 5510 combination for IDS purposes.
The reason for that is my ASA 5510 doesn't have an IPS/IDS module and I want to use the free IDS from Snort with Ubuntu.
Is this good practice? Or is there any other way...
I’m noticing two machines that have been assigned addresses via DHCP with neither device displaying its name. Obviously, neither is listed in DNS.
One of these machines has attacked another computer on the subnet according to a recent alert....
I have recently installed Snort with Oinkmaster and Emerging Threats rules on my Ubuntu 8.04 desktop installation. I need to know what GUI and database I should use to get it up and running, and also how to confirm that Oinkmaster is updating the rules.
Recently installed OSSEC (2.3) on CentOS (5.4). When using the Web User interface - search tab - enter a search and it shows that there are results but not able to display - says nothing returned or search expired. (See attached image). Any...
Hello,
I just got a Cisco ASA 5505 with the IPS add-on. I have installed and configured everything to spec. There are some quirky issues, though, that I think may be caused by the IPS module.
When opening the ASDM or the IME, I see that the...
Hi
I need some pointers to develop an admin interface for an RSA SecurID server.
Any related documentation would be greatly appreciated.
Thanks
We're trying to get certified PCI under VISA regulations part D and one of the sections requires Intrusion Detection as a requirement. I'm trying to work with SNORT. Would SNORT *technically* satisfy PCI compliance as a free solution? Also, after...
I get a lot of traffic logged on my IPS referring to UDP: Host Sweep destination port 389. I don't believe it's anything bad. I just want good info on it.
Hello,
I'm getting this error attempting to start Snort:
Failed to load /usr/local/lib/snort_dynam
I would like to have the sensor log remotely to a Kiwi syslog server on the same subnet. I have tried setting the log alerts to point to my host which is resolvable by DNS but no logs are appearing on Kiwi's console. Currently I have a sensor...
Forgive me for asking such a broad question, but I recently agreed to spend more time on the security side of things and I was surprised to see just how much things have changed.
Basically, I'm seeing that pretty much everyone has the basics...
I tried setting up Snort etc. on Linux and got nowhere, so I tried this one I was told was easy to use, called EasyIDS. I have installed it on a P4 2gig machine with one network card. I configured the card with a static IP address on my home...
We are looking at installing a Cisco IPS 4240 at our office. We currently have an ASA 5510 in place. Is it better to get the IPS hardware or install the module in the ASA? Are the IPS hardware units going to end of life?
When trying to login to the IPS system I get "Initializing Config Modules" stuck at 92%. This worked for a long time but will not work now. I did login to the IPS console using SSH and did a reboot on the module but it comes back and hangs when...
I have an Apple Airport Extreme Wifi router that temporarily needs to run with no security enabled at all. So obviously any neighbor within range will be able to use my internet connection until I turn the security back on.
Is there an...
I have been playing with Snort over the last month. I have it working as an IDS, alerting me of anything suspicious. I have now been tasked with converting my current Snort IDS to inline/IPS mode. The thing I'm having problems with is finding...
We are using Windows 2003 AD and have the account lockout policy turned on.
If there are more than 5 consecutive invalid logons, the account will be locked out.
There is some unknown virus in our network and it tries our accounts.
Are there any clues to find these...
What is a Snort sensor and how does it work?
I want to install Snort on my Ubuntu Linux system, Ubuntu 6.06 LTS. I usually do a lot of the system administration with Webmin and would like to keep it that way. The main thing is to install Snort, and I am having a difficult time following the...
Hi Experts,
I am making my first attempt at setting up a Snort IDS system.
Is it best practice for snort to be running inline (over two bridged nics on a linux server) or from a span port on the external facing router (see attached...
Hi There,
I have just upgraded the software on a Juniper SRX210H device. The newly installed software version is 10.4R3.4 and after rebooting I am receiving this error message:
could not open user interface connection: management daemon not...
Caution: If I’m incorrect in anyway on the information provided, please correct me, I’ll sincerely appreciate it.
Over the last six months I have been researching employing an intrusion detection system, and these are the results:
...
Hi all,
I need to know the right way to manage my new IPS and make sure that it is up to date. Is there any checklist or process that can be followed to make sure that my IPS is up to date and able to protect my network?
cheers.
Reading pcap files with snort
Hello, I am running snort v2.8.5.3 on Win XP. I have several pcap files that I want to analyze. I tried the -r command and I did not receive any results. I have my pcap files in the bin folder where snort.exe is...
I am building some network services for a personal setup. I have my own domain so I can use AD/LDAP credentials across the multiple VMs that I have.
I would like to setup a radius server on a vm (similar to Cisco's ACS) to control access to...
I am trying to monitor a port on my cisco asa 5510. I know it can be easily done on the 5505, but the command 'switchport monitor' doesn't work on 8.0(4)
I am trying to set up snort monitoring
I am seeking opinions on hardware recommendations to implement a snort IDS to monitor a gigabit network.
I tried implementing it in the past with old hardware that was not adequate.
I'm working on a proposal to get an IDS up and running...
Dear Experts:
I have RHEL 5.5 working as a Samba domain controller, local name server, Squid, etc. This server is also accessed from the Internet for FTP. I am looking at deploying an intrusion detection system for this server, hence...
Hi,
What is the best free intrusion detection system (IDS)?
Can someone quickly explain what inline vs passive is in Snort.
Hello,
I have a Distributed File System where File replication is enabled between two file shares on two different servers. As of yesterday, the file replication is no longer working. When in DFS, both file shares are shown as online and...
Besides SENTINIX (discontinued), is there an ACID or Snort + Ethereal Linux distribution?
Thanks.
I have been trying to understand information from Wireshark (as a hobby on my own network!) and was wondering how I can reassemble the packets into something I can understand. Is there another program that does this? (Preferably freeware or...
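An added example, not part of the original post, of what Wireshark's "Follow TCP Stream" does when it turns individual packets back into something readable: segments from one direction are ordered by sequence number, retransmitted bytes are discarded, and the payloads are concatenated. The packet tuples, sequence numbers and HTTP exchange are constructed for this illustration, and the function names are assumptions; 32-bit sequence wraparound and SYN/FIN handling are deliberately left out.

```python
from collections import defaultdict

# Added example (not from the original post): a minimal "follow TCP stream"
# reassembler over constructed packets. Packet tuples, seq numbers and the
# HTTP exchange are all made up for this illustration; 32-bit sequence-number
# wraparound and SYN/FIN handling are deliberately left out.


def reassemble(isn, segments):
    """Rebuild one direction of a TCP stream.

    segments: iterable of (seq, payload). Returns (data, gaps) where data is the
    byte stream from isn onward and gaps lists (start, end) ranges that never
    arrived; gap bytes are filled with b"?" so later data keeps its offset.
    Retransmitted or overlapping bytes are dropped in favour of the first copy."""
    expected = isn
    out = bytearray()
    gaps = []
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue                          # full retransmission, nothing new
        if seq < expected:                    # partial overlap: keep first copy
            payload = payload[expected - seq:]
            seq = expected
        if seq > expected:                    # hole: packets were never captured
            gaps.append((expected, seq))
            out += b"?" * (seq - expected)
        out += payload
        expected = end
    return bytes(out), gaps


def follow_stream(packets):
    """Group packets by direction and reassemble each side.

    packets: iterable of (src, sport, dst, dport, seq, payload).
    Without a SYN in the capture the lowest sequence number seen is taken as
    the start of each direction (an assumption for this example)."""
    by_dir = defaultdict(list)
    for src, sport, dst, dport, seq, payload in packets:
        by_dir[(src, sport, dst, dport)].append((seq, payload))
    return {key: reassemble(min(s for s, _ in segs), segs)
            for key, segs in by_dir.items()}


# Constructed capture: an HTTP request split into three segments that arrive
# out of order with one duplicate, and the server's reply in two segments.
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
C2S = ("192.168.1.5", 51234, "203.0.113.10", 80)
S2C = ("203.0.113.10", 80, "192.168.1.5", 51234)

PACKETS = [
    C2S + (1030, REQUEST[30:]),          # arrives first, out of order
    C2S + (1000, REQUEST[:16]),
    S2C + (5000, RESPONSE[:20]),
    C2S + (1016, REQUEST[16:30]),
    C2S + (1016, REQUEST[16:30]),        # duplicate / retransmission
    S2C + (5020, RESPONSE[20:]),
]

if __name__ == "__main__":
    for key, (data, gaps) in follow_stream(PACKETS).items():
        print(key, "gaps:", gaps)
        print(data.decode("ascii", "replace"))
```

The gap handling is the part worth keeping in mind on a SPAN or tap: a hole in the sequence space means the sensor never saw those packets, so anything reassembled after it is positioned correctly but the missing bytes are unrecoverable, which is also why an IDS reassembling the same stream can miss a payload that the endpoint received.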
Hi, we are running our sensor in promiscuous mode so that it doesn't block any traffic and having the Cisco Event Viewer email us the IDS event logs. A log summary we have is like this:
High 13003-1 "AD - External TCP Scanner" src_addr(*)/...