Intrusion Detection With Snort

Thanks bro. you just saved a college student who is building a capstone project

真的非常感谢！过去的两天我把大多数时间都花在如何配置依赖文件上，对snort本身一点都不了解，出了什么错也不清楚。现在我终于明白了♥

Based God Alexis. Had so much fun setting up this IDS and actually seeing the fruits of my labor (alerts ringing as ICMP protocols are sent through the network). Was excited to pass the traffic logs through Wireshark and to understand that you can actually pass the alerts generated through fast mode to Splunk. Things are finally making sense now. This series has been really fire. Keep up the good work.

You are amazing, very clear information, very descriptive, I understand eveything, I'll recreate it on my side, you rock Alex!

Great tutorial and right-to-the-point examples. I will look to other videos to learn more.

Great work on these Snort videos! Very informative.

It might be great if you increase the video quality. However, providing great content. Support and love from India!!

Very nice tutorial 👍🏾

Excellent content and explanations!! Now, to give it a try. Thanks very much for this!

I am so mad that I am subbed to you but haven't seen any videos in my feed in like a year. Great video as always keep up the great work!

Thank you so much for this perfect explaining!

Thank you, excellent tutorial!

Keep Follow you :) from Dominican Republic. Gracias por todos los tutoriales.

i just read my senior fyp which have the same title. what a coincidence

You're too AweSome Teacher. Thanks very much !!!

Thank you for the video. Please I am trying to get the part 2 of the series but the link is no more active. I will appreciate any pointer to part 2.Thank you once again.

was waiting from yesterday

thank you very much

Great work, keep it up!

Now that's some good shit we need more of on RUclips

Very informative. Thank you.

Great content. Thank you very much

Thank you alexis🙏

بجد ممتاز جدا

Thank you !

Great vid mate. I am running Ubuntu on W11 and I see any local rules I have applied. Cheers

Best Instructor ✌️👌

Thanks for video!!. So i have a question. After detection attacks, how can i stop it on my Snort

can you please share a video about how "metaspoliteable and ubuntu machine that runs Snort" running in same netwrok inside virtualbox. how you manage virtualbox internal network as a Home network for "Metaspoliteable machine and ubuntu machine" . Please 🙏🙏🙏🙏🙏🙏🙏🙏

I have one ubuntu machine where I have installed postfix for email send and receive, multiple users are there , snort is running on the same system , I want that if from that particular system where everything is installed as I mentioned, if user1 will send any email with any attachments to user2 , snort must generate some alert , and let's suppose I have one another system in same network kali linux from that machine if I will send email to that user which is in ubuntu machine I have configured for email , on that case as well email must generate alert for the same. Can you please provide me , the necessary details ,

Hi i am following your tutorial for network intrusion but i am encountering an issue related to ssh , it says connection refused though i have tried every possible solution for this ..

timestamps please! greatful for the content

Any way to make the alert send an email or message of some sort to another device when the pings are detected ?

The link to the part 2 is unavailable, can you help?

what is the difference between the log files which saved in var/log/snort and log files saved under /var/log/snort/alert ?

thanks for this amazing playlist. although, for SMBv1 exploit, my snort don't capture the exploit trafic. should i pass the trafic through the snort VM? because it's not mentioned in the video.

What if we want to use snort as an IPS ? alert, pass, log actions are working in this scenario but drop or reject not . how could we set up it as an active IPS ? anyone ?

Legend

Alexis, can you send the windows 7 unpatched iso you used for testing eternalblue on?

Help!!! I have configured and followed all the way most of the stuff is working but for some reason when i exploit win 7 i am only getting two alerts and the alert message is not generating as well.

Guys, I want to ask about snort. I installed snort on ubuntu with VM UTM software on Mac M1. Usually I can detect traffic using snort in the Virtualbox VM because there is a promiscuous allow all feature. But I'm now using UTM and it doesn't have that feature. So I enabled promisc in the ubuntu server terminal with the command: sudo ip link set enp0s1 promisc on, or sudo ifconfig enp0s1 promisc . However, I couldn't detect any traffic other than traffic going to the server with Snort installed. Do you have a similar solution or case?

I tried many ways, I even modified my iptables rules, firewall restrictions, and all the possible ways, but still I cant get reverse shell. Netcat doesn't listen to my reverse shell, so I stucked in the root me room for more than a week. I need help, please anyone suggest me any ideas to overcome this.

Waiting you to cover Zeek 😏

Great

hello .. would it be possible to put subtitles in portuguese ??? because we follow your work here in Brazil!!

what is interface enp0s3 ? my wifi antenna?

you need to explain the networking setup more otherwise it just sniffs its own VM and thats it more or less

Hi, is it necessary to have a wired connection for this lab or not, mine virtual machine is set to NAT and not the bridge connection. If i change it i loose acces to the internet and my ububtu and kali both have the same ip address so when i ping the adress from kali it just pings it self. can someone help or let me know what am i doing wrong, Thanks.

first view

Snorpy Rule Generator is banned?!

how can snort in ubuntu vm sniff traffic that is not directed to his NIC?