DNWA/6/raport.txt
Jakub Stefko c5d3446d5b ...
2021-01-23 13:18:43 +01:00


Jakub Stefko, 426254
Task 2:
To configure oinkmaster, you need to add the following line to the oinkmaster.conf file:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/d8937d0b824a989352eb5b6d135fec7ecd4a293c/snortrules-snapshot-3000.tar.gz
and then run the program with the "o" flag so that it picks up the configuration change.
Task 3:
logs:
12/31/2020-04:20:34.832397 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:35.833754 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:36.836079 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:37.838630 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:38.839626 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:39.842320 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:40.844130 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:41.846284 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:42.847602 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:43.849375 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:44.851161 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:45.853028 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
Task 4:
alert icmp any any -> any any (msg:"pakiet nie moze byc dluzszy niz 456B"; itype:8; dsize:456; sid:57000001;)
Extra task:
I installed the u2json program, which displays the logs as JSON.
Running the program is quite simple: idstools-u2json /var/log/snort/unified2.log
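The following is an added example and not part of this report: it parses Snort alert_fast lines of the shape shown in task 3 into structured records, renders them as JSON (the same kind of structured output the extra task gets from idstools-u2json, but read from the text log rather than from the binary unified2.log), and summarises how many times the task 4 rule (sid 57000001) fired per source/destination pair and over what time span. The sample lines are copied from the task 3 log; the regular expression assumes IPv4 addresses and the field order Snort's alert_fast output uses.

```python
import json
import re
from collections import Counter
from datetime import datetime
from typing import Optional

# Constructed sample: three lines in the same alert_fast shape as the task 3 log.
SAMPLE_ALERTS = """\
12/31/2020-04:20:34.832397 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:35.833754 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
12/31/2020-04:20:36.836079 [**] [1:57000001:0] pakiet nie moze byc dluzszy niz 456B [**] [Classification: (null)] [Priority: 3] {ICMP} 10.0.0.145:8 -> 216.58.215.78:0
"""

# Layout of one alert_fast line (IPv4 only, which is all the report's log contains):
#   MM/DD/YYYY-HH:MM:SS.ffffff [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+) \[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<classification>[^\]]*)\] )?"
    r"\[Priority: (?P<priority>\d+)\] "
    r"\{(?P<proto>[A-Za-z0-9]+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_fast_alert(line: str) -> Optional[dict]:
    """Parse a single alert_fast line into a dict; return None for lines that do not match."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Normalise the timestamp to ISO 8601 so the JSON sorts and compares cleanly.
    rec["timestamp"] = datetime.strptime(rec.pop("ts"), "%m/%d/%Y-%H:%M:%S.%f").isoformat()
    for key in ("gid", "sid", "rev", "priority", "sport", "dport"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def parse_fast_log(text: str) -> list:
    """Parse every matching line of an alert_fast log; lines that do not parse are skipped."""
    return [rec for rec in (parse_fast_alert(l) for l in text.splitlines()) if rec is not None]


def alerts_to_json(text: str) -> str:
    """Render the parsed alerts as a JSON array (structured output, as in the extra task)."""
    return json.dumps(parse_fast_log(text), indent=2, ensure_ascii=False)


def summarize(text: str) -> dict:
    """Count alerts per rule and per src -> dst pair, and measure the time span they cover.

    A steady one-per-second stream from a single pair, as in the task 3 log, is the
    signature of a repeated ping rather than a single oversized packet.
    """
    records = parse_fast_log(text)
    times = [datetime.fromisoformat(r["timestamp"]) for r in records]
    span = (max(times) - min(times)).total_seconds() if times else 0.0
    return {
        "total": len(records),
        "per_sid": dict(Counter(r["sid"] for r in records)),
        "per_pair": dict(Counter(f"{r['src']} -> {r['dst']}" for r in records)),
        "span_seconds": span,
    }


if __name__ == "__main__":
    print(alerts_to_json(SAMPLE_ALERTS))
    print(summarize(SAMPLE_ALERTS))
```

One caveat on the rule itself: `dsize:456` in the task 4 rule matches a payload of exactly 456 bytes, which is why every alert in the task 3 log comes from identical packets; Snort's `dsize:>456` is the form that matches anything longer, which is what the alert message describes.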