Zer0Byte

Geekiest Techno News

How To Configure Snort on Backtrack 5

How to configure Snort on BackTrack 5 rc3

About Snort

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.

Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

HOW TO START SNORT ON BACKTRACK 5-rc3

Backtrack > Services > Snort Services > snort start

SNORT STARTED

How To Configure Snort

To configure Snort, we use the vim editor.

To open the Snort configuration file, enter the command:

#vim /etc/snort/snort.conf

Note: To enter text in vim, press 'i'.

SNORT CONFIGURATION

CONFIG HERE

This is the section you need to edit. Find the line that reads var HOME_NET any and replace any with your own internal IP address, so that Snort knows which address it is protecting. In my case, my IP address is 192.168.56.110. If you don't know your own IP address, use the ifconfig command.

Finally, save the file by pressing Esc, typing :wq, and pressing Enter.

SNORT CONFIGURATION

Restart Snort by entering the command shown below.

#/etc/init.d/snort restart

EXAMPLES

Here I use BackTrack 5r3 as the Snort machine (IDS) and Kali Linux as the attacker machine. Both are open source Linux distributions, so they are easy for you to download.

Now, without wasting time, see the examples.

USING DMITRY FROM KALI LINUX

Here I use the Deepmagic Information Gathering Tool, also known as 'Dmitry'. I used this tool to scan for TCP ports.

ATTACKER MACHINE

I have noticed that Kali Linux uses dmitry to perform a TCP scan on the Snort machine (192.168.56.110). Use this command from your Kali machine:

#dmitry -p 192.168.56.110

SNORT DETECTION EXAMPLE 1

IDS SNORT CAUGHT SOMETHING

Here you can see that Snort has caught something. It shows that a TCP port scan is performed by the 192.168.56.110 IP address.

This is very useful information. Use this command:

#snort -q -A console -i eth0 -c /etc/snort/snort.conf

EXAMPLE 2 : PERFORM OS DETECTION SCAN

Here I used nmap to perform an "OS DETECTION SCAN".

Command I used: nmap -v -A 192.168.56.110

See the image below of the OS detection scan being performed on Kali Linux.

SNORT DETECTION EXAMPLE 2

Now the best part: you can see the behaviour of the scan performed by nmap.

#snort -q -A console -i eth0 -c /etc/snort/snort.conf
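
The alert lines that the console command above prints can be triaged with a short script. This is an added example, not part of the original post: it parses Snort 2.x console ("fast") alert lines and groups the alerts aimed at the Snort machine by source address. The sample lines are constructed, and 192.168.56.101 is an assumed attacker address (the post does not give one).

```python
import re
from collections import defaultdict

# Snort 2.x "fast"/console alert line layout:
#   time [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src[:port] -> dst[:port]
# The Classification field and the ports are optional (portscan alerts omit them).
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample output (not captured from the original post).
SAMPLE = """\
08/28-10:15:02.113456  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 192.168.56.101 -> 192.168.56.110
08/28-10:17:40.520011  [**] [1:1228:7] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.101:40512 -> 192.168.56.110:1
08/28-10:17:41.002377  [**] [1:1418:11] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.101:40513 -> 192.168.56.110:161
Commencing packet processing (pid=2210)
"""

def parse_alerts(text):
    """Return one dict per alert line; lines that are not alerts are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            a = m.groupdict()
            a["prio"] = int(a["prio"])
            alerts.append(a)
    return alerts

def summarize(alerts, home_net_host):
    """Group alerts aimed at the monitored host by source address."""
    by_src = defaultdict(lambda: {"count": 0, "min_prio": 9, "sigs": set()})
    for a in alerts:
        if a["dst"] != home_net_host:
            continue
        s = by_src[a["src"]]
        s["count"] += 1
        s["min_prio"] = min(s["min_prio"], a["prio"])  # lower number = more severe
        s["sigs"].add(f'{a["gid"]}:{a["sid"]}')
    return dict(by_src)

if __name__ == "__main__":
    for src, s in summarize(parse_alerts(SAMPLE), "192.168.56.110").items():
        print(src, s["count"], "alerts, top priority", s["min_prio"], sorted(s["sigs"]))
```

To use it on real output, pass the captured console text to parse_alerts() in place of SAMPLE.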

CONCLUSION

So this is how you can use Snort on BackTrack 5.

It is good from a security standpoint.

You can use it to understand the behaviour of an attack.

Note: This tutorial is for educational purposes only. I do not take any responsibility for any misuse; you will be responsible for any misuse that you do. Hacking email accounts is a criminal activity and is punishable under cyber crime laws.
