Intrusion Detection and Response

Monthly Archives: May 2016

Install and configure Snort

Hi guys,

I finally got my Snort working. We have to use the Registered version of the Snort rules from the Snort website. If you are using the latest version of Snort, then you will need to download the snortrules-snapshot-2982.tar.gz rules.

 

Snort Setup Instructions:

1. Download and install Snort version 2.9.8.2 exe

2. Sign in to the Snort website and download the rules ( snortrules-snapshot-2982.tar.gz ) under Rules -> Registered section

3. Extract the rules file ( snortrules-snapshot-2982.tar.gz ) using WinRAR or 7-Zip

4. Copy all files from the extracted snortrules-snapshot-2982 folder to your Snort installation folder C:\Snort\  

                       NOTE: Overwrite any existing files

5. Edit your snort.conf file located in c:\snort\etc\ to your Windows path

                      Here is my modified: snort.conf

6. Find your wireless/Ethernet interface # by typing: route print at the command prompt

7. Open a command prompt (cmd.exe) and navigate to the “C:\Snort\bin” folder. ( at the prompt, type cd c:\snort\bin )

8. To run snort enter the following command:

          snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 4

Note:  My wireless interface # is 4
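Step 5 worked through as an added example (not part of the original post and not the author's modified snort.conf): a Python script that rewrites the Unix-style path directives of snort.conf for an install under C:\Snort and reports any active line that still carries a Unix path. The sample directive lines are a constructed excerpt modelled on a default Snort 2.9.x snort.conf, and the target folders and the commented-out dynamicdetection line are assumptions.

```python
import re

SNORT_ROOT = r"c:\snort"  # install folder from step 4

# Constructed excerpt: Unix-style path lines as found in a default Snort 2.9.x
# snort.conf (assumption; not the author's modified file).
SAMPLE_CONF = """\
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules
"""


def to_windows_paths(conf_text, root=SNORT_ROOT):
    """Rewrite the path-bearing directives for a Windows install under `root`."""
    out = []
    for line in conf_text.splitlines():
        s = line.strip()
        m = re.match(r"var (\w+_PATH) \.\./(\S+)$", s)
        if m:  # ../rules -> c:\snort\rules
            line = f"var {m.group(1)} {root}\\{m.group(2)}"
        elif s.startswith("dynamicpreprocessor directory"):
            line = f"dynamicpreprocessor directory {root}\\lib\\snort_dynamicpreprocessor"
        elif s.startswith("dynamicengine"):  # Windows build ships a DLL, not a .so
            line = f"dynamicengine {root}\\lib\\snort_dynamicengine\\sf_engine.dll"
        elif s.startswith("dynamicdetection directory"):
            line = "# " + s  # assumption: no compiled shared-object rules on Windows
        out.append(line)
    return "\n".join(out) + "\n"


def leftover_unix_paths(conf_text):
    """Active (uncommented) lines that still carry a ../ or / style path."""
    return [l for l in conf_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")
            and re.search(r"(^|\s)(\.\./|/)\w", l)]


if __name__ == "__main__":
    fixed = to_windows_paths(SAMPLE_CONF)
    print(fixed)
    print("still Unix-style:", leftover_unix_paths(fixed))
```

After editing, `snort -T -c c:\snort\etc\snort.conf` tests the configuration without starting a capture, and `snort -W` lists the interface numbers Snort itself sees.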

 


 

Question

Hi All –

I have a question which I would like your input on: what are some of the ways that organizations' forensics teams use to correspond with their computer incident response teams if they notice collusion between an insider and an external attacker?

Thanks for your input.

Mustafa

Welcome to class

Hello All,

Welcome to the Intrusion Detection and Response class. I look forward to meeting all of you next week. You will be able to find the syllabus and a rough schedule at the MIS Community site. I like the course to be fluid so that we can make it effective for the class. If you have any questions prior to the class, please feel free to either post a question or send me an email.

If you don’t mind, please take a moment to introduce yourself, so that I get familiar with your expectations for this class.