[Snort-users] Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!

Teo En Ming teo.en.ming at ...11827...
Mon Apr 7 16:24:06 EDT 2014


Dear Jeremy,

I went to http://www.testmyids.com and this is what shows up on my web
browser:

uid=0(root) gid=0(root) groups=0(root)

Is the site working at all? Please check.

By the way, I found a guide for using PulledPork, but I still think it is
not detailed enough to cover every step. The guide mentioned oinkcode but
it did not explain how to use it.

The guide can be found at the following URL:

http://www.rivy.org/2013/03/updating-snort-rules-using-pulled-pork/

Thank you very much.

Teo En Ming




On Tue, Apr 8, 2014 at 3:27 AM, Jeremy Hoel <jthoel at ...11827...> wrote:

> 1/2 - Look at pulled-pork to handle the rule management tasks; including
> enabling all the rules if that's what you want
>
> 3 -  www.testmyids.com for a quick test, there may or may not be rules
> written for the vulnerability checks.
>
> check your snort.conf for proper variable usage
>
> learn what the rules do and why you expect them to fire.
>
>
>
> On Mon, Apr 7, 2014 at 7:19 PM, Teo En Ming <teo.en.ming at ...11827...> wrote:
>
>> Dear list,
>>
>> I downloaded this set of rules file http://www.snort.org/downloads/2874
>> (snortrules-snapshot-2960.tar.gz).
>>
>> Why are most of the Snort rules commented out? It's like 80% of all the
>> Snort rules are commented out/disabled.
>>
>> Question 1: Shall I un-comment the disabled rules?
>>
>> Also, why are many of the rules files empty?
>>
>> Question 2: Why are many of the rules files empty?
>>
>> I installed Nessus 5.2.6 on my Windows 8.1 machine. I ran Nessus
>> vulnerability scanner against my public IP and no alerts showed up on my
>> Snort IDS at all!
>>
>> Question 3: The Nessus vulnerability scanner reported numerous
>> vulnerabilities. Why are there no alerts in my Snort IDS box at all?
>>
>> I need a favor from you guys. To uncomment all the DISABLED Snort rules,
>> which is probably thousands and thousands of lines, is a colossal task. I
>> think I need to write a sed 's/original text/replacement text/g' Linux
>> shell script to uncomment all the disabled Snort rules. But the problem is
>> that my Linux shell scripting knowledge is a bit rusty and I would need to
>> revise it. Hence I am wondering if any of you guys can write a bash script
>> with sed and for loops to uncomment the disabled Snort rules? Thanks in
>> advance! Don't worry, I will vet the submitted shell scripts.
>>
>> I am looking forward to your replies.
>>
>> Thank you very much.
>>
>> Yours sincerely,
>>
>> Teo En Ming
>>
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
>
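An added worked example of the sed approach Teo asks about (this is editor-supplied code, not something posted in this thread or shipped by the Snort project or PulledPork). It assumes Snort 2.9.x-style rules files, where a disabled rule is the rule line with a `#` in front of its action keyword (alert, log, pass, drop, reject, sdrop), while ordinary comments do not start with an action keyword. The sample rules file is constructed inline so the script runs offline. One caveat before using it on a live sensor: rules ship disabled for a reason (policy, false-positive rate, performance), so enabling every one of them wholesale is usually the wrong fix for "no alerts"; PulledPork's enablesid/disablesid lists, which Jeremy points at above, are the maintained way to make the same change selectively and to survive the next rule update.

```shell
#!/usr/bin/env bash
# Added example: bulk-enable disabled Snort rules with sed while leaving
# real comments untouched. Assumption: Snort 2.9.x rule syntax, where a
# disabled rule is "# alert tcp ..." (a '#' before the action keyword).

# Rule action keywords (assumption: Snort 2.9.x set).
ACTIONS='alert|log|pass|drop|reject|sdrop'

# count_rules FILE -> prints "<enabled> <disabled>"
# Enabled rules start with an action keyword; disabled ones start with '#',
# optional whitespace, then an action keyword. Other '#' lines are comments.
count_rules() {
    local f="$1"
    local enabled disabled
    enabled=$(grep -Ec "^($ACTIONS) " "$f" || true)
    disabled=$(grep -Ec "^#[[:space:]]*($ACTIONS) " "$f" || true)
    printf '%s %s\n' "$enabled" "$disabled"
}

# enable_rules FILE -> strips the leading '#' from disabled rules in place.
# Only lines where '#' is followed by an action keyword are changed, so a
# comment such as "# This rule was disabled because..." is left alone.
# -i.bak keeps a backup and works with both GNU and BSD sed.
enable_rules() {
    local f="$1"
    sed -E -i.bak "s/^#[[:space:]]*(($ACTIONS) )/\1/" "$f"
}

# make_sample -> writes a constructed rules file (NOT a real Snort ruleset)
# to a temp file and prints its path. sids in the 1000000+ local range.
make_sample() {
    local f
    f=$(mktemp)
    cat >"$f" <<'EOF'
# Constructed sample, not a real Snort rules file.
# This comment mentions alert tcp in passing and must stay a comment.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE enabled rule"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
#alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE disabled, no space"; sid:1000003; rev:1;)
# drop ip any any -> any any (msg:"EXAMPLE disabled drop rule"; sid:1000004; rev:1;)
EOF
    printf '%s\n' "$f"
}

# Usage: ./enable_rules.sh /etc/snort/rules/*.rules
# Each file is reported before and after so you can see what changed.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: enabled/disabled before: %s\n' "$f" "$(count_rules "$f")"
        enable_rules "$f"
        printf '%s: enabled/disabled after:  %s\n' "$f" "$(count_rules "$f")"
    done
fi
```

Run it against a copy of the rules directory first and diff the `.bak` files against the result; the two counts make it obvious when a file contained something other than rules and comments. The same `sed` expression also answers Question 2 indirectly: a rules file that is empty after the header has nothing to uncomment, because the snapshot simply ships no rules in that category.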

