Thanks bro. you just saved a college student who is building a capstone project
Based God Alexis. Had so much fun setting up this IDS and actually seeing the fruits of my labor (alerts ringing as ICMP protocols are sent through the network). Was excited to pass the traffic logs through Wireshark and to understand that you can actually pass the alerts generated through fast mode to Splunk. Things are finally making sense now. This series has been really fire. Keep up the good work.
Thank you very much for the feedback, I am glad you have found value in the content.
@@HackerSploit can we set this in Windows 10 or 11?
Thank you so much! Over the past two days I spent most of my time on how to configure the dependency files, understood nothing about Snort itself, and had no idea what was going wrong. Now I finally understand ♥
You are amazing, very clear information, very descriptive, I understand everything, I'll recreate it on my side, you rock Alex!
Very nice tutorial 👍🏾
Great tutorial and right-to-the-point examples. I will look to other videos to learn more.
I am so mad that I am subbed to you but haven't seen any videos in my feed in like a year. Great video as always keep up the great work!
It might be great if you increase the video quality. However, providing great content. Support and love from India!!
yeah, following.
Nah bro his quality is spot on
Videos can only be watched at lower resolution for the first hours after the upload and then it should be at 1080p as he intended
@@webghost it’ll be alright bro! However, this channel has helped me in such a huge way that I’m not crying about res. I’d watch this in 8-bit, but hey different strokes, different folks
Thank you for the video. Please, I am trying to get part 2 of the series but the link is no longer active. I will appreciate any pointer to part 2. Thank you once again.
Great work on these Snort videos! Very informative.
Excellent content and explanations!! Now, to give it a try. Thanks very much for this!
Thank you so much for this perfect explaining!
I keep following you :) from the Dominican Republic. Thank you for all the tutorials.
Thank you, excellent tutorial!
The link to get access to part 2 doesn't work. Where can I view it?
Thank you, SIRE! You Rock.
BUT, a little ERROR on your part (maybe) confused me (5:50):
I suppose it had to be like - If you wanna use `snort` as an IPS too, then use the `-Q` option, and since we're doing only IDS, but not an IPS, we're not gonna use `-Q` option. Please, correct me, if I'm wrong.
God bless you, SIRE!
CHEERS!
You're too AweSome Teacher. Thanks very much !!!
thank you very much
I just read my senior fyp which has the same title. What a coincidence
The link to the part 2 is unavailable, can you help?
Thanks for the video!! So I have a question. After detecting attacks, how can I stop them on my Snort?
Thank you alexis🙏
Alexis, can you send the Windows 7 unpatched ISO you used for testing EternalBlue on?
What is the difference between the log files which are saved in var/log/snort and the log files saved under /var/log/snort/alert?
Thanks for this amazing playlist. Although, for the SMBv1 exploit, my Snort doesn't capture the exploit traffic. Should I pass the traffic through the Snort VM? Because it's not mentioned in the video.
Very informative. Thank you.
Any way to make the alert send an email or message of some sort to another device when the pings are detected ?
Hi, I am following your tutorial for network intrusion but I am encountering an issue related to SSH. It says connection refused, though I have tried every possible solution for this...
Great vid mate. I am running Ubuntu on W11 and I see any local rules I have applied. Cheers
Thank you !
Great content. Thank you very much
Best Instructor ✌️👌
Help!!! I have configured and followed all the way. Most of the stuff is working, but for some reason when I exploit Win 7 I am only getting two alerts, and the alert message is not generating as well.
Great work, keep it up!
I have one Ubuntu machine where I have installed Postfix for sending and receiving email. There are multiple users, and Snort is running on the same system. I want that, if user1 sends any email with any attachments to user2 from that particular system where everything is installed as I mentioned, Snort must generate some alert. And let's suppose I have another system in the same network, Kali Linux: if I send an email from that machine to the user on the Ubuntu machine I have configured for email, in that case as well the email must generate an alert. Can you please provide me the necessary details?
How do I load up the Snorpy GUI?
please help me
Now that's some good shit we need more of on YouTube
I tried many ways, I even modified my iptables rules, firewall restrictions, and all the possible ways, but still I can't get a reverse shell. Netcat doesn't listen to my reverse shell, so I have been stuck in the root me room for more than a week. I need help, please, anyone, suggest any ideas to overcome this.
What if we want to use Snort as an IPS? The alert, pass and log actions are working in this scenario, but drop or reject are not. How could we set it up as an active IPS? Anyone?
Hello... would it be possible to put subtitles in Portuguese? Because we follow your work here in Brazil!!
Hello, we will work on getting the videos transcoded. Greetings to Brazil!
@@HackerSploit appreciate !!! because 43 people here in Brazil watch your video ..but not all of them use English !!! and we wait for the next videos !!!!!🇧🇷✨
Timestamps please! Grateful for the content
what is interface enp0s3 ? my wifi antenna?
Guys, I want to ask about Snort. I installed Snort on Ubuntu with the UTM VM software on a Mac M1. Usually I can detect traffic using Snort in the VirtualBox VM because there is a promiscuous "allow all" feature. But I'm now using UTM and it doesn't have that feature. So I enabled promisc in the Ubuntu server terminal with the command `sudo ip link set enp0s1 promisc on`, or `sudo ifconfig enp0s1 promisc`. However, I couldn't detect any traffic other than traffic going to the server with Snort installed. Do you have a similar solution or case?
Seriously, really excellent
was waiting from yesterday
Hi, is it necessary to have a wired connection for this lab or not? My virtual machine is set to NAT and not the bridge connection. If I change it I lose access to the internet, and my Ubuntu and Kali both have the same IP address, so when I ping the address from Kali it just pings itself. Can someone help or let me know what I am doing wrong? Thanks.
I was able to fix it, just needed bridge connections, changing IP addresses and making a change to the snort.conf
Can you please share a video about how the "Metasploitable and Ubuntu machine that runs Snort" are running in the same network inside VirtualBox? How do you manage the VirtualBox internal network as a home network for the "Metasploitable machine and Ubuntu machine"? Please 🙏🙏🙏🙏🙏🙏🙏🙏
same question. Have you figured how he's attacking the metasploitable machine and Ubuntu os detecting it?
Brother @@fajarahmad5880, VirtualBox or VMware, no matter which one you use, the application gives you the option to create a personalized network, and when all OSes including Ubuntu, Windows, the Metasploitable machine, etc. are in the same network, then you can ping all those hosts, intercept their communication, deliver the payload to them, and establish the connection. This is how he discovered the Metasploitable machine and launched an attack. Besides that, Ubuntu with Snort is in the same network, so Snort can inspect all traffic and take action based on the role. The whole thing is not that simple, but the basic thing is as I described.
You need to explain the networking setup more, otherwise it just sniffs its own VM and that's it, more or less
Also, it doesn't go well with a Parallels setup
Snorpy Rule Generator is banned?!
Waiting you to cover Zeek 😏
Great
Legend
first view
how can snort in ubuntu vm sniff traffic that is not directed to his NIC?
Change to a bridged connection
It'll have a 192.168.x.x IP so you'll be able to interact with your entire subnet like any other device