Intrusion Detection With Snort
- Published: 14 Dec 2024
- This video covers the process of using custom and community Snort rules. An IDS is a system or host placed within a network to capture traffic and identify malicious activity based on predefined rules; the malicious activity is then logged, and a notification is sent to the relevant parties informing them of an intrusion.
You can register for part 2 of this series for free here: bit.ly/3yJqT3c
//LINKS
Snort Website: www.snort.org/
Snorpy Rule Generator: www.cyb3rs3c.net/
Video Slides: bit.ly/38BGqYi
Thanks bro. you just saved a college student who is building a capstone project
Based God Alexis. Had so much fun setting up this IDS and actually seeing the fruits of my labor (alerts ringing as ICMP protocols are sent through the network). Was excited to pass the traffic logs through Wireshark and to understand that you can actually pass the alerts generated through fast mode to Splunk. Things are finally making sense now. This series has been really fire. Keep up the good work.
Thank you very much for the feedback, I am glad you have found value in the content.
@HackerSploit can we set this in Windows 10 or 11
Great work on these Snort videos! Very informative.
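Thank you so much! For the past two days I spent most of my time on how to configure the dependency files, knew nothing about Snort itself, and had no idea what was going wrong. Now I finally understand ♥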
Very nice tutorial 👍🏾
You are amazing, very clear information, very descriptive, I understand everything, I'll recreate it on my side, you rock Alex!
Great tutorial and right-to-the-point examples. I will look to other videos to learn more.
I am so mad that I am subbed to you but haven't seen any videos in my feed in like a year. Great video as always keep up the great work!
Thank you for the video. Please, I am trying to get part 2 of the series but the link is no longer active. I will appreciate any pointer to part 2. Thank you once again.
It might be great if you increase the video quality. However, providing great content. Support and love from India!!
yeah, following.
Nah bro his quality is spot on
Videos can only be watched at lower resolution for the first hours after the upload and then it should be at 1080p as he intended
@webghost it’ll be alright bro! However, this channel has helped me in such a huge way that I’m not crying about res. I’d watch this in 8-bit, but hey different strokes, different folks
Thank you, SIRE! You Rock.
BUT, a little ERROR on your part (maybe) confused me (5:50):
I suppose it had to be like - If you wanna use `snort` as an IPS too, then use the `-Q` option, and since we're doing only IDS, but not an IPS, we're not gonna use `-Q` option. Please, correct me, if I'm wrong.
God bless you, SIRE!
CHEERS!
Excellent content and explanations!! Now, to give it a try. Thanks very much for this!
Thank you so much for this perfect explaining!
Thank you, excellent tutorial!
The link to get access to part 2 doesn't work. Where can I view it?
Great work, keep it up!
Thanks for video!!. So i have a question. After detection attacks, how can i stop it on my Snort
Keep following you :) from the Dominican Republic. Thanks for all the tutorials.
You're too AweSome Teacher. Thanks very much !!!
what is the difference between the log files which saved in var/log/snort and log files saved under /var/log/snort/alert ?
Any way to make the alert send an email or message of some sort to another device when the pings are detected ?
Alexis, can you send the windows 7 unpatched iso you used for testing eternalblue on?
was waiting from yesterday
Thanks for this amazing playlist. Although, for the SMBv1 exploit, my Snort doesn't capture the exploit traffic. Should I pass the traffic through the Snort VM? Because it's not mentioned in the video.
Great vid mate. I am running Ubuntu on W11 and I see any local rules I have applied. Cheers
i just read my senior fyp which have the same title. what a coincidence
I have one ubuntu machine where I have installed postfix for email send and receive, multiple users are there , snort is running on the same system , I want that if from that particular system where everything is installed as I mentioned, if user1 will send any email with any attachments to user2 , snort must generate some alert , and let's suppose I have one another system in same network kali linux from that machine if I will send email to that user which is in ubuntu machine I have configured for email , on that case as well email must generate alert for the same. Can you please provide me , the necessary details ,
Guys, I want to ask about snort. I installed snort on ubuntu with VM UTM software on Mac M1. Usually I can detect traffic using snort in the Virtualbox VM because there is a promiscuous allow all feature. But I'm now using UTM and it doesn't have that feature. So I enabled promisc in the ubuntu server terminal with the command: sudo ip link set enp0s1 promisc on, or sudo ifconfig enp0s1 promisc . However, I couldn't detect any traffic other than traffic going to the server with Snort installed. Do you have a similar solution or case?
Hi i am following your tutorial for network intrusion but i am encountering an issue related to ssh , it says connection refused though i have tried every possible solution for this ..
The link to the part 2 is unavailable, can you help?
Help!!! I have configured and followed all the way most of the stuff is working but for some reason when i exploit win 7 i am only getting two alerts and the alert message is not generating as well.
What if we want to use snort as an IPS ? alert, pass, log actions are working in this scenario but drop or reject not . how could we set up it as an active IPS ? anyone ?
I tried many ways, I even modified my iptables rules, firewall restrictions, and all the possible ways, but still I can't get a reverse shell. Netcat doesn't listen to my reverse shell, so I have been stuck in the root me room for more than a week. I need help, please anyone suggest me any ideas to overcome this.
Very informative. Thank you.
Thank you alexis🙏
thank you very much
Can you please share a video about how the "Metasploitable and Ubuntu machine that runs Snort" are running in the same network inside VirtualBox, and how you manage the VirtualBox internal network as a home network for the "Metasploitable machine and Ubuntu machine". Please 🙏🙏🙏🙏🙏🙏🙏🙏
Now that's some good shit we need more of on YouTube
Great content. Thank you very much
Thank you !
Hi, is it necessary to have a wired connection for this lab or not? My virtual machine is set to NAT and not the bridge connection. If I change it I lose access to the internet, and my Ubuntu and Kali both have the same IP address, so when I ping the address from Kali it just pings itself. Can someone help or let me know what I am doing wrong? Thanks.
I was able to fix it, just needed bridge connections, changing IP addresses and making a change to the snort.conf
what is interface enp0s3 ? my wifi antenna?
Best Instructor ✌️👌
Seriously, really excellent
hello .. would it be possible to put subtitles in portuguese ??? because we follow your work here in Brazil!!
Hello, we will work on getting the videos transcoded. Greetings to Brazil!
@HackerSploit appreciate !!! because 43 people here in Brazil watch your video ..but not all of them use English !!! and we wait for the next videos !!!!!🇧🇷✨
timestamps please! grateful for the content
you need to explain the networking setup more otherwise it just sniffs its own VM and that's it more or less
also it doesn't go well with parallels setup
Waiting you to cover Zeek 😏
Snorpy Rule Generator is banned?!
Great
Legend
first view
how can snort in ubuntu vm sniff traffic that is not directed to his NIC?
Change to a bridged connection
It'll have a 192.168.x.x IP so you'll be able to interact with your entire subnet like any other device