How can I execute snort?


This topic contains 4 replies, has 0 voices, and was last updated by  eggheadSV 9 years, 2 months ago.

  • #42096

    eggheadSV
    Member

    Hello, guys!
    Sorry for a silly question.
    How can I execute SNORT?
    I’ve just installed it following instructions from this site —

    cd /Database
    wget http://www.zeroshell.net/listing/DA12-Snort-2.8.5-1.0.beta12.tar.bz2
    tar xvfj DA12-Snort-2.8.5-1.0.beta12.tar.bz2
    cd DA12
    ./install.sh

    Now I can start and restart snort as service.
    Then I try to execute snort –

    >snort
    bash : snort : command not found

    What’s wrong?

    Regards, Sergey.

    #49269

    JC
    Member

    Snort should have started on its own or after a restart. Take a look in system — log; from the drop-down menu choose snort.

    #49270

    eggheadSV
    Member

    @jc wrote:

    Snort should have started on its own or after a restart. Take a look in system — log; from the drop-down menu choose snort.

    Thank you for the reply. I can see in my log —
    08:44:56 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:1696
    08:45:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    08:46:50 message repeated 5 times
    08:48:50 message repeated 10 times
    08:50:50 message repeated 10 times
    08:50:50 message repeated 4 times
    08:51:34 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1748 -> 209.85.227.167:80
    08:51:35 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1749 -> 209.85.227.167:80
    08:51:35 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1750 -> 193.206.152.106:80
    08:51:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    08:52:50 message repeated 5 times
    08:53:50 message repeated 9 times
    08:54:41 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1799
    08:54:48 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.123:80 -> 192.168.1.2:1800
    08:54:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    08:54:50 message repeated 4 times
    08:54:53 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1804
    08:54:56 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:1805
    08:55:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    08:56:50 message repeated 5 times
    08:58:51 message repeated 10 times
    08:59:51 message repeated 9 times
    09:00:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:01:50 message repeated 5 times
    09:02:51 message repeated 5 times
    09:03:51 message repeated 9 times
    09:04:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:04:51 message repeated 4 times
    09:05:19 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1876
    09:05:29 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:1880
    09:05:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:06:51 message repeated 5 times
    09:06:51 message repeated 4 times
    09:07:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:08:51 message repeated 5 times
    09:09:51 message repeated 9 times
    09:10:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:11:51 message repeated 5 times
    09:13:51 message repeated 10 times
    09:14:51 message repeated 9 times
    09:15:20 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2050
    09:15:30 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2055
    09:15:43 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.123:80 -> 192.168.1.2:2064
    09:15:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:15:51 message repeated 4 times
    09:16:11 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:2068
    09:16:51 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:17:51 message repeated 5 times
    09:19:51 message repeated 10 times
    09:21:51 message repeated 10 times
    09:22:52 message repeated 5 times
    09:24:52 message repeated 10 times
    09:24:52 message repeated 4 times
    09:25:24 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2235
    09:25:30 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2240
    09:25:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:25:52 message repeated 4 times
    09:26:22 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:2259
    09:26:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:27:52 message repeated 5 times
    09:29:52 message repeated 10 times
    09:31:52 message repeated 10 times
    09:31:52 message repeated 4 times
    09:32:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:33:52 message repeated 5 times
    09:34:52 message repeated 9 times
    09:35:24 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2558
    09:35:31 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.120:80 -> 192.168.1.2:2563
    09:35:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:35:52 message repeated 4 times
    09:36:22 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 195.82.146.121:80 -> 192.168.1.2:2586
    09:36:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:37:52 message repeated 5 times
    09:37:52 message repeated 4 times
    09:38:52 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
    09:39:52 message repeated 5 times
    09:40:53 message repeated 5 times
    09:42:20 message repeated 10 times
    09:42:20 message repeated 4 times
    09:42:38 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2781 -> 193.206.152.106:80
    09:42:40 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
    09:42:41 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
    09:42:41 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2791 -> 193.206.152.106:80
    09:43:06 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
    09:43:07 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
    09:43:07 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2810 -> 193.206.152.106:80
    09:43:13 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2817 -> 193.206.152.106:80
    09:43:14 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
    09:43:14 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
    09:43:14 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2818 -> 193.206.152.106:80
    09:43:17 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2820 -> 193.206.152.106:80
    09:43:17 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
    09:43:17 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
    09:43:18 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
    09:43:18 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
    09:43:18 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2821 -> 193.206.152.106:80
    09:43:18 [1:2566:5] WEB-PHP PHPBB viewforum.php access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {TCP} 192.168.1.2:2821 -> 193.206.152.106:80
    09:43:30 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2759 -> 209.85.227.166:80
    09:43:30 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2758 -> 209.85.227.166:80
    09:43:30 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:2832 -> 193.206.152.106:80

    How can I run Snort now from a command prompt?
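An added example, not part of the posts in this thread: a small Python triage script for alert lines in the layout shown in the log above. It counts alerts per rule SID, folds "message repeated N times" lines into the preceding alert (an assumption about how this log viewer compresses duplicates), and tracks how many alerts had a LAN host as the source; `HOME_NET` and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Line layout taken from the log posted above:
# HH:MM:SS [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^\d\d:\d\d:\d\d \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.+?) "
    r"\[Classification: .+?\] \[Priority: (?P<prio>\d+)\]: "
    r"\{\w+\} (?P<src>[\d.]+):\d+ -> [\d.]+:\d+$"
)
REPEAT_RE = re.compile(r"^\d\d:\d\d:\d\d message repeated (\d+) times$")
HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: the monitored LAN

# Constructed sample in the same layout; external addresses are documentation ranges.
SAMPLE_LOG = """\
08:44:56 [1:1201:7] ATTACK-RESPONSES 403 Forbidden [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 198.51.100.10:80 -> 192.168.1.2:1696
08:45:50 [1:1384:10] MISC UPnP malformed advertisement [Classification: Misc Attack] [Priority: 2]: {UDP} 192.168.1.2:1824 -> 239.255.255.250:1900
08:46:50 message repeated 5 times
08:48:50 message repeated 10 times
08:51:34 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1748 -> 203.0.113.20:80
08:51:35 [1:2229:5] WEB-PHP viewtopic.php access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.168.1.2:1749 -> 203.0.113.20:80
this line is not an alert
"""

def summarize(log_text):
    """Return ({sid: stats}, unparsed_lines); repeat lines are folded into the prior alert."""
    rules, unparsed, last = {}, [], None
    for line in map(str.strip, log_text.splitlines()):
        alert, repeat = ALERT_RE.match(line), REPEAT_RE.match(line)
        if alert:
            sid = int(alert["sid"])
            last = (sid, ipaddress.ip_address(alert["src"]) in HOME_NET)
            rules.setdefault(sid, {"msg": alert["msg"], "priority": int(alert["prio"]),
                                   "count": 0, "outbound": 0})
            n = 1
        elif repeat and last:
            n = int(repeat.group(1))  # assumption: N more copies of the preceding alert
        else:
            if line:
                unparsed.append(line)  # keep anything unrecognised for manual review
            continue
        rules[last[0]]["count"] += n
        rules[last[0]]["outbound"] += n if last[1] else 0
    return rules, unparsed

def triage_order(rules):
    """SIDs sorted most urgent first: lowest priority number, then highest volume."""
    return sorted(rules, key=lambda s: (rules[s]["priority"], -rules[s]["count"]))
```

A rule whose `outbound` count equals its `count` is firing only on traffic that a LAN host itself initiated, which is the first thing to check when deciding whether a noisy SID needs tuning.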

    #49271

    ppalias
    Member

    service snort start

    #49272

    eggheadSV
    Member

    @ppalias wrote:

    service snort start

    Please read my first post more attentively 😀

    #49273

    JC
    Member

    I read that you installed snort and think you are having trouble having it run. ppalias has given you the command to start snort, “service snort start”, and I would imagine the command to stop it is “service snort stop”, but it appears from the log that it is running. Are you expecting to see a page dedicated to snort? As it stands, all you can do from the web GUI is view the log. From the posted log it appears to be running.
    plz be more specific w/ what exactly is your problem, then we can better assist you.
    (Do you have an ssh client to access ZS? Did you enable ssh in the system SSH? PuTTY is my favorite.)
