Published on February 21st, 2016

Snort Installation, Config, and Rule Creation on Kali Linux 2.0

Please check out my Udemy courses! Coupon code applied to the following links:

https://www.udemy.com/hands-on-penetration-testing-labs-20/?couponCode=NINE99

https://www.udemy.com/kali-linux-web-app-pentesting-labs/?couponCode=NINE99

https://www.udemy.com/kali-linux-hands-on-penetration-testing-labs/?couponCode=NINE99

https://www.udemy.com/network-security-analysis-using-wireshark-snort-and-so/?couponCode=NINE99

https://www.udemy.com/snort-intrusion-detection-rule-writing-and-pcap-analysis/?couponCode=NINE99

Description:

This video covers how to install Snort, edit the configuration file, create custom Snort rules, and analyze a PCAP with malicious Neutrino exploit kit activity. The following are the commands I used during the video:

apt-get install snort (this command installs Snort. If you are not root, type sudo apt-get install snort)

ifconfig (this shows the configuration of your local network interface)

touch /etc/snort/rules/custom.rules (this creates a rule file)

vi /etc/snort/snort.conf (this opens the Snort configuration file in Vi text editor)

mkdir log (this creates a directory named log)

snort -l ./log -b -c /etc/snort/snort.conf (this runs Snort in NIDS mode)

alert tcp any any -> any any (msg:"Possible Neutrino Exploit kit infection."; content:"vclphjybj.ioxbpjgtqvwqfzmwhn.ga"; classtype:trojan-activity; sid:999995; rev:1;) (Snort rule in video)

snort -l ./log -b -c /etc/snort/snort.conf -r (pcap name) (this reads a PCAP and compares it against Snort rules)
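The steps above (create the rules file, wire it into snort.conf, run the rule against a PCAP) can be scripted so the rule text is checked before Snort ever loads it. The script below is an added example, not code from the video or from the Snort project. It assumes a Snort 2 snort.conf that defines RULE_PATH (the default Kali file does) and that the manual vi edit in the video amounts to adding an "include $RULE_PATH/custom.rules" line; the function names are the script's own, and the sid and content string are the ones from the rule above. The lint step catches exactly the defects a rule picks up when copied from a web page: curly quotes instead of straight ASCII quotes and a lost "->" direction operator.

```shell
#!/bin/sh
# Added example (not from the video or the Snort project): scripts the
# description's rule-file and config steps for Snort 2 on Kali and validates
# the rule text before Snort runs. Assumption: snort.conf defines RULE_PATH and
# the custom file is enabled with "include $RULE_PATH/custom.rules".

# Build one Snort 2 alert rule with straight ASCII quotes.
# Arguments: sid, alert message, content string to match.
make_rule() {
    printf 'alert tcp any any -> any any (msg:"%s"; content:"%s"; classtype:trojan-activity; sid:%s; rev:1;)\n' \
        "$2" "$3" "$1"
}

# Reject curly quotes (Snort treats them as stray bytes, not delimiters),
# a missing direction operator, and a missing sid.
lint_rule() {
    if printf '%s' "$1" | grep -qF -e '“' -e '”' -e '‘' -e '’'; then
        echo "lint: curly quotes in rule" >&2; return 1
    fi
    case "$1" in
        *' -> '*|*' <> '*) ;;
        *) echo "lint: missing direction operator (-> or <>)" >&2; return 1 ;;
    esac
    case "$1" in
        *'sid:'*) ;;
        *) echo "lint: missing sid option" >&2; return 1 ;;
    esac
}

# Append a rule to the rules file (created on first use, like the video's
# touch), but only if it passes lint.
add_rule() {
    rulefile="$1"; rule="$2"
    lint_rule "$rule" || return 1
    printf '%s\n' "$rule" >> "$rulefile"
}

# Add the include line to snort.conf exactly once, so re-running is safe.
ensure_include() {
    conf="$1"; rulename="$2"
    line="include \$RULE_PATH/$rulename"
    grep -qxF "$line" "$conf" 2>/dev/null || printf '%s\n' "$line" >> "$conf"
}

# Whole procedure: rules file, config include, config self-test (snort -T),
# then replay the PCAP against the rules exactly as the last command above.
main() {
    conf="$1"; rulesdir="$2"; pcap="$3"
    rule=$(make_rule 999995 "Possible Neutrino Exploit kit infection." \
        "vclphjybj.ioxbpjgtqvwqfzmwhn.ga")
    add_rule "$rulesdir/custom.rules" "$rule" || exit 1
    ensure_include "$conf" custom.rules
    mkdir -p log
    snort -T -c "$conf" || exit 1            # test the config; fails fast on a bad rule
    snort -l ./log -b -c "$conf" -r "$pcap"  # read the PCAP and log matches to ./log
}

# Usage: sh snort_setup.sh /etc/snort/snort.conf /etc/snort/rules capture.pcap
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it as root (or under sudo) with the config path, rules directory and PCAP name; snort -T loads the configuration and every included rule file and exits non-zero on a syntax error, which is cheaper than discovering a broken rule after a live capture has started.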


2016-02-21 21:38:56
