Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!

[Teo En Ming <teo.en.ming () gmail com>]

Hi Jeremy,

Is there a manual for using pulled-pork? I can't find the manual for it in
http://www.snort.org/docs

Thank you very much.

Teo En Ming


On Tue, Apr 8, 2014 at 3:27 AM, Jeremy Hoel <jthoel () gmail com> wrote:

> 1/2 - Look at pulled-pork to handle the rule management tasks; including
> enabling all the rules if that's what you want
>
> 3 -  www.testmyids.com for a quick test, there may or may not be rules
> written for the vulnerability checks.
>
> check your snort.conf for proper variable usage
>
> learn what the rules do and why you expect them to fire.
>
>
>
> On Mon, Apr 7, 2014 at 7:19 PM, Teo En Ming <teo.en.ming () gmail com> wrote:
>
> > Dear list,
> >
> > I downloaded this set of rules file http://www.snort.org/downloads/2874 (
> > snortrules-snapshot-2960.tar.gz <http://www.snort.org/downloads/2874>).
> >
> > Why are most of the Snort rules commented out? It's like 80% of all the
> > Snort rules are commented out/disabled.
> >
> > Question 1: Shall I un-comment the disabled rules???
> >
> > Also, why are many of the rules files empty?
> >
> > Question 2: Why are many of the rules files empty?
> >
> > I installed Nessus 5.2.6 on my Windows 8.1 machine. I ran Nessus
> > vulnerability scanner against my public IP and no alerts showed up on my
> > Snort IDS at all!
> >
> > Question 3: The Nessus vulnerability scanner reported numerous
> > vulnerabilities. Why are there no alerts in my Snort IDS box at all?
> >
> > I need a favor from you guys. To uncomment all the DISABLED Snort rules,
> > which is probably thousands and thousands of lines, is a colossal task. I
> > think I need to write a sed 's/original text/replacement text/g' linux
> > shell script to uncomment all the disabled Snort rules. But the problem is
> > that my Linux shell scripting knowledge is a bit rusty and I would need to
> > revise it. Hence I am wondering if any of you guys can write a bash script
> > with sed and for loops to uncomment the disabled Snort rules??? Thanks in
> > advance!!! Don't worry, I will vet through the submitted shell scripts.
> >
> > I am looking forward to your replies.
> >
> > Thank you very much.
> >
> > Yours sincerely,
> >
> > Teo En Ming
> >
> >
> > ------------------------------------------------------------------------------
> > Put Bad Developers to Shame
> > Dominate Development with Jenkins Continuous Integration
> > Continuously Automate Build, Test & Deployment
> > Start a new project now. Try Jenkins in the cloud.
> > http://p.sf.net/sfu/13600_Cloudbees
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!