Reply To: How can I execute snort?


#49270

eggheadSV
Member

@jc wrote:

Snort should have started on its own or after a restart. Take a look in system — log; from the drop-down menu, choose snort.

Thank you for the reply. I can see in my log:
08:44:56 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:1696
08:45:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
08:46:50 message repeated 5 times
08:48:50 message repeated 10 times
08:50:50 message repeated 10 times
08:50:50 message repeated 4 times
08:51:34 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1748 -> 209.85.227.167:80
08:51:35 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1749 -> 209.85.227.167:80
08:51:35 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1750 -> 193.206.152.106:80
08:51:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
08:52:50 message repeated 5 times
08:53:50 message repeated 9 times
08:54:41 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1799
08:54:48 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.123:80 -> 192.168.1.2:1800
08:54:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
08:54:50 message repeated 4 times
08:54:53 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1804
08:54:56 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:1805
08:55:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
08:56:50 message repeated 5 times
08:58:51 message repeated 10 times
08:59:51 message repeated 9 times
09:00:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:01:50 message repeated 5 times
09:02:51 message repeated 5 times
09:03:51 message repeated 9 times
09:04:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:04:51 message repeated 4 times
09:05:19 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1876
09:05:29 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1880
09:05:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:06:51 message repeated 5 times
09:06:51 message repeated 4 times
09:07:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:08:51 message repeated 5 times
09:09:51 message repeated 9 times
09:10:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:11:51 message repeated 5 times
09:13:51 message repeated 10 times
09:14:51 message repeated 9 times
09:15:20 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2050
09:15:30 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2055
09:15:43 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.123:80 -> 192.168.1.2:2064
09:15:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:15:51 message repeated 4 times
09:16:11 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:2068
09:16:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:17:51 message repeated 5 times
09:19:51 message repeated 10 times
09:21:51 message repeated 10 times
09:22:52 message repeated 5 times
09:24:52 message repeated 10 times
09:24:52 message repeated 4 times
09:25:24 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2235
09:25:30 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2240
09:25:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:25:52 message repeated 4 times
09:26:22 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:2259
09:26:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:27:52 message repeated 5 times
09:29:52 message repeated 10 times
09:31:52 message repeated 10 times
09:31:52 message repeated 4 times
09:32:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:33:52 message repeated 5 times
09:34:52 message repeated 9 times
09:35:24 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2558
09:35:31 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2563
09:35:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:35:52 message repeated 4 times
09:36:22 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:2586
09:36:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:37:52 message repeated 5 times
09:37:52 message repeated 4 times
09:38:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
09:39:52 message repeated 5 times
09:40:53 message repeated 5 times
09:42:20 message repeated 10 times
09:42:20 message repeated 4 times
09:42:38 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2781 -> 193.206.152.106:80
09:42:40 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
09:42:41 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
09:42:41 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2791 -> 193.206.152.106:80
09:43:06 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
09:43:07 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
09:43:07 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2810 -> 193.206.152.106:80
09:43:13 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2817 -> 193.206.152.106:80
09:43:14 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
09:43:14 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
09:43:14 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2818 -> 193.206.152.106:80
09:43:17 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2820 -> 193.206.152.106:80
09:43:17 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
09:43:17 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
09:43:18 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
09:43:18 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
09:43:18 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2821 -> 193.206.152.106:80
09:43:18 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2821 -> 193.206.152.106:80
09:43:30 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
09:43:30 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
09:43:30 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2832 -> 193.206.152.106:80

How can I now run Snort from a command prompt?