Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!

[Joel Esler <jesler () cisco com>]

http://lmgtfy.com/?q=pulledpork+faq&l=1

Let’s try that.  


On Monday, April 7, 2014 at 3:42 PM, Teo En Ming wrote:

> Hi Jeremy,
>  
> Is there a manual for using pulled-pork? I can't find the manual for it in http://www.snort.org/docs
>  
> Thank you very much.
>  
> Teo En Ming
>  
>  
> On Tue, Apr 8, 2014 at 3:27 AM, Jeremy Hoel <jthoel () gmail com (mailto:jthoel () gmail com)> wrote:
> > 1/2 - Look at pulled-pork to handle the rule management tasks; including enabling all the rules if that's what you 
> > want  
> >  
> > 3 -  www.testmyids.com (http://www.testmyids.com) for a quick test, there may or may not be rules written for the 
> > vulnerability checks.  
> >  
> > check your snort.conf for proper variable usage
> >  
> > learn what the rules do and why you expect them to fire.
> >  
> >  
> >  
> > On Mon, Apr 7, 2014 at 7:19 PM, Teo En Ming <teo.en.ming () gmail com (mailto:teo.en.ming () gmail com)> wrote:
> > > Dear list,
> > >  
> > > I downloaded this set of rules file http://www.snort.org/downloads/2874 (snortrules-snapshot-2960.tar.gz 
> > > (http://www.snort.org/downloads/2874)).
> > >  
> > > Why are most of the Snort rules commented out? It's like 80% of all the Snort rules are commented out/disabled.
> > >  
> > > Question 1: Shall I un-comment the disabled rules???
> > >  
> > > Also, why are many of the rules files empty?
> > >  
> > > Question 2: Why are many of the rules files empty?
> > >  
> > > I installed Nessus 5.2.6 on my Windows 8.1 machine. I ran Nessus vulnerability scanner against my public IP and 
> > > no alerts showed up on my Snort IDS at all!
> > >  
> > > Question 3: The Nessus vulnerability scanner reported numerous vulnerabilities. Why are there no alerts in my 
> > > Snort IDS box at all?
> > >  
> > > I need a favor from you guys. To uncomment all the DISABLED Snort rules, which is probably thousands and 
> > > thousands of lines, is a colossal task. I think I need to write a sed 's/original text/replacement text/g' linux 
> > > shell script to uncomment all the disabled Snort rules. But the problem is that my Linux shell scripting 
> > > knowledge is a bit rusty and I would need to revise it. Hence I am wondering if any of you guys can write a bash 
> > > script with sed and for loops to uncomment the disabled Snort rules??? Thanks in advance!!! Don't worry, I will 
> > > vet through the submitted shell scripts.
> > >  
> > > I am looking forward to your replies.
> > >  
> > > Thank you very much.
> > >  
> > > Yours sincerely,
> > >  
> > > Teo En Ming
> > >  
> > > ------------------------------------------------------------------------------
> > > Put Bad Developers to Shame
> > > Dominate Development with Jenkins Continuous Integration
> > > Continuously Automate Build, Test & Deployment
> > > Start a new project now. Try Jenkins in the cloud.
> > > http://p.sf.net/sfu/13600_Cloudbees
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net (mailto:Snort-users () lists sourceforge net)
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > >  
> > > Please visit http://blog.snort.org to stay current on all the latest Snort news!
> >  
>  
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment  
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
>  
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net (mailto:Snort-users () lists sourceforge net)
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>  
> Please visit http://blog.snort.org to stay current on all the latest Snort news!  

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!