All Activity

  5. Okay thanks. This was a fresh install of 2012 R2. Everything else worked. Great walkthrough!!!
  6. Been doing these tutorials and have installed 1000+ IDSs in the last 15 years and not once have I had to add an extension. It sounds like you have a corrupted .EXE association. This issue can occur if a virus or other 3rd party application has changed or corrupted some default registry settings. These types of quirks seem to pop up when the installer fails to install the Windows Intrusion Detection System on a fresh install of Windows.
  7. I do not believe so. If you look at every Windows service the path includes the extension.
  8. There is something odd about your Windows environment requiring the extensions?
  9. I had the same issue as in this thread. I was going to comment there but the forum said to start a new thread rather than reviving that one. The issue seems to be that when the Windows service is created the path is set as:
      d:\winids\snort\bin\snort /SERVICE
      But it should be:
      d:\winids\snort\bin\snort.exe /SERVICE
      In the registry go to HKLM\SYSTEM\CurrentControlSet\Services\SnortSvc, then edit the ImagePath entry to change the path.
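One way to check and repair that ImagePath value without hand-editing it in regedit, as an added example that is not part of the post or the WinIDS tutorial (Python; it assumes the SnortSvc key named in the post, and the function names are this example's own). Besides appending the missing .exe, it double-quotes the executable when the path contains a space, because an unquoted service path with spaces lets anyone who can write to a parent directory plant a binary that the Service Control Manager will run as SYSTEM, and it refuses to write a path that does not point at an existing file.

```python
r"""Check and repair a Windows service ImagePath that is missing its .exe extension.

Added example, not from the forum post or the WinIDS tutorial. The service key
below is the one named in the post; the function names are this example's own.
"""
import ntpath
import os
import sys

SERVICE_KEY = r"SYSTEM\CurrentControlSet\Services\SnortSvc"   # from the post


def split_image_path(image_path: str):
    """Split an ImagePath into (executable, argument string).

    A double-quoted executable is honoured; an unquoted one is cut at the
    first space, which is how the Service Control Manager resolves it.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath")
        return s[1:end], s[end + 1:].strip()
    exe, _, args = s.partition(" ")
    return exe, args.strip()


def fix_image_path(image_path: str) -> str:
    """Append '.exe' when the executable has no extension; quote it if it contains a space.

    Correct values come back unchanged, so running this twice is harmless.
    """
    exe, args = split_image_path(image_path)
    if "." not in ntpath.basename(exe):
        exe += ".exe"
    quoted = '"' + exe + '"' if " " in exe else exe
    return quoted + (" " + args if args else "")


def repair_service_image_path(service_key: str = SERVICE_KEY, dry_run: bool = True) -> str:
    """Read ImagePath from HKLM, repair it, and write it back unless dry_run.

    Windows only; the write needs an elevated prompt. Refuses to write a path
    that does not point at an existing file, so a typo cannot break the service.
    """
    if sys.platform != "win32":
        raise RuntimeError("registry access is only available on Windows")
    import winreg  # standard library on Windows
    access = winreg.KEY_READ | (0 if dry_run else winreg.KEY_SET_VALUE)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, service_key, 0, access) as key:
        current, value_type = winreg.QueryValueEx(key, "ImagePath")
        fixed = fix_image_path(current)
        exe, _ = split_image_path(fixed)
        if not os.path.isfile(exe):
            raise FileNotFoundError("repaired ImagePath points at a missing file: " + exe)
        if fixed != current and not dry_run:
            winreg.SetValueEx(key, "ImagePath", 0, value_type, fixed)
        return fixed


if __name__ == "__main__":
    # Dry run by default; pass --write from an elevated prompt to apply the fix.
    print(repair_service_image_path(dry_run="--write" not in sys.argv))
```

Run it once without arguments to see what the repaired value would be, then with --write from an elevated prompt. The value type read from the registry (REG_SZ or REG_EXPAND_SZ) is written back unchanged. The same change can also be made with the built-in tool, `sc config SnortSvc binPath= "d:\winids\snort\bin\snort.exe /SERVICE"`, which is handy when the registry path differs from the one in the post.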
  10. Hello again, Morpheus, that did the trick, thanks a lot https://ibb.co/dkb1uS To think I miss that line every time I check the conf file. I think I was too blocked to even notice it. As for the file, thanks; there was no way I could have guessed or found that was a problem. Time to generate some traffic again xD; again thx a lot for your help and time.
  11. You need to change line 900 in the php.ini. Change from:
      ;extension=php_mysql.dll
      Change to:
      extension=php_mysql.dll
      Your PHP in IIS is not configured correctly. Stop the IIS server, copy the file in the attached zip to the C:\Windows\System32\inetsrv\config folder, and restart the IIS server. applicationHost.zip
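The php.ini change above, done as a repeatable script rather than by line number (line 900 only holds on the one php.ini the poster was looking at). This is an added example, not code from the post or the WinIDS tutorial; the ini excerpt it runs on is constructed, and the function names are its own. It matches the directive exactly, so asking for php_mysql.dll cannot accidentally enable php_mysqli.dll, it leaves a directive that is already active alone, and it reports anything it could not find instead of silently appending.

```python
r"""Enable PHP extensions in php.ini by uncommenting their 'extension=' lines.

Added example, not from the forum post. SAMPLE_INI is a constructed excerpt
standing in for d:\winids\php\php.ini; the function names are this example's own.
"""
import re

SAMPLE_INI = """\
[PHP]
extension_dir = "ext"
;extension=php_mbstring.dll
;extension=php_mysql.dll
;   extension=php_pgsql.dll
extension=php_gd2.dll
"""

# 'extension = name', optionally commented out with ';' and padding.
_DIRECTIVE = re.compile(r"^\s*(;\s*)?extension\s*=\s*(\S+)\s*$")


def active_extensions(ini_text: str):
    """Names from 'extension=' lines that are not commented out, in file order."""
    return [m.group(2) for line in ini_text.splitlines()
            for m in [_DIRECTIVE.match(line)] if m and m.group(1) is None]


def enable_extensions(ini_text: str, names):
    """Return (new_text, status); status maps each name to 'enabled',
    'already' (was active) or 'missing' (no line to uncomment).

    Only the first commented copy of a wanted directive is uncommented, and
    nothing is touched for a name that is already active.
    """
    active = set(active_extensions(ini_text))
    status = {n: ("already" if n in active else "missing") for n in names}
    out = []
    for line in ini_text.splitlines():
        m = _DIRECTIVE.match(line)
        if m and m.group(1) is not None and status.get(m.group(2)) == "missing":
            line = "extension=" + m.group(2)
            status[m.group(2)] = "enabled"
        out.append(line)
    return "\n".join(out) + "\n", status


if __name__ == "__main__":
    text, report = enable_extensions(SAMPLE_INI, ["php_mysql.dll"])
    print(report)
    print(text)
```

To use it on the real file, read d:\winids\php\php.ini, pass its text in, and write the returned text back only when the report shows 'enabled' for everything you asked for; a 'missing' entry means the directive has to be added by hand and the extension DLL confirmed to exist under extension_dir first. IIS must still be restarted for PHP to pick up the change.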
  12. Hi again, 1. when I try to browse this happens https://ibb.co/ff04eS (same msg even after reconfiguring one more time before responding) 2. the 3 files are in the zip 3. the last file you asked for I found in C:\Windows\System32\inetsrv\config, not in C:\Windows\System32\inetsrv. Thx a lot for the help; I may be planning on doing a fresh install on a new virtual machine but this time using Apache instead of IIS (depends on free time, since I have to get ready for my monograph at university, and tomorrow I'll be getting all the details on what to do). PHP ini and test.zip
  13. What happens when you put the test.php file in the d:\winids\inetpub\wwwroot\base folder and then from a browser type http://winids/test.php? Attach your php.ini file located in the d:\winids\php folder. Attach your applicationHost.config file located in the C:\Windows\System32\inetsrv folder.
  14. Hi and thx for the reply, I just finished redoing the part of the tutorial you instructed me to do and I get the following error: https://ibb.co/ff04eS https://ibb.co/dbmMR7 As for the proxy, I'm installing in a VirtualBox machine (Server 2016) with the network attachment set to 'Bridge mode'. Since this is my first time trying this install I don't want to run it on any of the servers till I can get it working 100%. Thx in advance
  15. Item 1: Go back to the section titled Configuring IIS for PHP, and the Windows Intrusion Detection Systems security console, and complete it again. Item 2: It appears there was a time delay for some reason. Try it again. Make sure you're not routing through a proxy.
  16. Hi everyone, let me say first: I'm really a novice in every sense of the word. That aside, I have followed every single part of the tutorial and triple checked all settings, but I'm still getting that error. The weird part is that the test.php is successful, but after I finish the tutorial and go to http://winidis/ I get the directory, and at http://winids/base_main.php I get error 500. I checked in IIS and noticed directory browsing was enabled, so I turned it off and got error 403. So to sum it up: with directory browsing disabled, http://winidis/ gives me error 403 + error 500 on http://winids/base_main.php; with directory browsing enabled, http://winidis/ gives me the page in the attachment + error 500 on http://winids/base_main.php. Thx in advance; ATT: Raymer Rodríguez Edit: forgot to mention I checked the forum for my tutorial and read all posts but still no dice. Edit 2: I tried to reinstall the whole configuration and testing, and when I was around the PEAR process I noticed the warning asking me to run a regedit entry, and that it only installs 3 out of the 11 PEAR packages (it installed all of them the first time I ran it) (I did run the update after I noticed the msg and still got the same result).
  17. It appears the snort database has a problem, or an authentication issue. Go into the task manager and kill the Barnyard2 process. Go into the uninstall programs and remove PostgreSQL. Go into the d:\winids folder and delete the postgresql folder. Return to the tutorial section labeled Installing the PostgreSQL Database Server and complete it. Go to the tutorial section labeled Configuring the PostgreSQL Database Server and complete it. Go to the tutorial section labeled Confirming PostgreSQL and Snort are operational and complete it. Go to the tutorial section labeled Testing the Barnyard2 configuration file and complete it. This should fix the problem.
  18. Pulled your PulledPork folder in and everything works as expected. I'm not sure what the problem is. Possible firewall issue with a blocked port?
      C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T
      https://github.com/shirkdog/pulledpork
      [ASCII-art pig banner]
      PulledPork v0.7.4 - Helping you protect your bitcoin wallet!
      Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team!
      Rules give me wings!
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      'uname' is not recognized as an internal or external command, operable program or batch file.
      Checking latest MD5 for snortrules-snapshot-29111.tar.gz....
      Rules tarball download of snortrules-snapshot-29111.tar.gz....
          They Match
          Done!
      IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist....
      Reading IP List...
      Checking latest MD5 for opensource.gz....
      Rules tarball download of opensource.gz....
          They Match
          Done!
      Prepping rules from opensource.gz for work....
          Done!
      Prepping rules from snortrules-snapshot-29111.tar.gz for work....
      No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
      Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 366.
          Done!
      Reading rules...
      readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
      readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
      readline() on closed filehandle DATA at d:\winids\pulledpork\pulledpork.pl line 722.
      Reading rules...
      Activating security rulesets....
          Done
      Modifying Sids....
          Done!
      Processing d:\winids\pulledpork\etc\enablesid.conf....
          Modified 20480 rules
          Skipped 0 rules (already disabled)
          Done
      Processing d:\winids\pulledpork\etc\dropsid.conf....
          Modified 0 rules
          Skipped 0 rules (already disabled)
          Done
      Processing d:\winids\pulledpork\etc\disablesid.conf....
          Modified 0 rules
          Skipped 0 rules (already disabled)
          Done
      Setting Flowbit State....
          Done
      Writing d:\winids\snort\rules\winids.rules....
          Done
      Generating sid-msg.map....
          Done
      Writing v1 d:\winids\snort\etc\sid-msg.map....
          Done
      Writing d:\winids\snort\log\sid_changes.log....
          Done
      Rule Stats...
          New:-------4
          Deleted:---0
          Enabled Rules:----32501
          Dropped Rules:----0
          Disabled Rules:---0
          Total Rules:------32501
      No IP Blacklist Changes
      Done
      Please review d:\winids\snort\log\sid_changes.log for additional details
      Fly Piggy Fly!
  19. Attached is my PulledPork folder, and the temp folder was cleared out. I also cleared out the folder and tried to run the command again, and the attached picture shows the files getting downloaded there. So it is grabbing something at least. My oinkcode also looks good. This device is also not sitting behind a proxy. pulledpork.zip
  20. Make SURE you are ONLY using the PulledPork from here. I have to modify it to work on Windows. Make sure your oinkcode is correct. If you are behind a proxy there may be problems. Try removing everything in the pulledpork/temp folder. If there are still problems, zip up the pulledpork folder and attach it. Don't forget to delete everything in the pulledpork/temp folder before compressing.
  21. Hi, attached is my PulledPork config file: pulledpork.conf
  22. Hi, I have recently gone to upgrade my Snort version and PulledPork version. Those seem to have upgraded just fine. What I am having an issue with is trying to update PulledPork after the upgrade. When I run the update command it seems like it can't connect to Talos, which is the first time I am seeing that issue. Has anyone seen an issue like this before? In the attached screenshot I am able to browse to the website shown. It almost seems like the Talos side might not allow me in to download said file. Thanks in advance.
  23. PulledPork runs a specific set of rules based on the policy set in pulledpork.conf. There are 4 conf files located in the etc folder that will include, exclude, disable, or drop rules based on your specific needs. The default set of activated rules prior to installing PulledPork has more rules activated by default. PulledPork drills down into the more relevant rules based on policy. You will need to figure out what is best to include or exclude based on your needs using the . There is a PulledPork user group that could be very helpful here. Also, you can ask questions on the Snort mailing list.
  24. I have followed your excellent tutorials and installed WinIDS with MySQL, Barnyard2 and PulledPork. Before I got PulledPork installed I had lots of alerts, but after applying it I haven't seen any new alerts since last thing on Friday. I hope that is a good thing! To keep the rules up to date, do I create a Scheduled Task to run a batch file with:
      rd d:\winids\snort-old /S /Q
      xcopy /E /I d:\winids\snort d:\winids\snort-old
      perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T
      net stop snort & net start snort
      Perhaps once per day?
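The batch file in the question restarts Snort unconditionally, so a rule set that PulledPork wrote but Snort cannot parse leaves the sensor stopped until someone notices, which on a once-a-day schedule can be a full day of blind time. The script below is the same procedure with a gate in the middle: back up, pull, then test-load the new configuration with `snort -T` and restart only if that succeeds, otherwise restore the generated files from the backup and leave the running service alone. It is an added example, not code from the post or the WinIDS tutorial (Python). The paths and the service name come from the poster's batch file; the location of snort.conf under d:\winids\snort\etc and the list of files PulledPork rewrites (the two named in its output earlier in this stream) are this example's assumptions, and the runner and file operations are parameters so the control flow can be exercised without Snort installed.

```python
r"""Scheduled PulledPork rule update that restarts Snort only if the new rules load.

Added example, not from the forum post or the WinIDS tutorial. Paths and the
service name are taken from the poster's batch file; the snort.conf location
and the rollback file list are assumptions of this example. The `run` and
file-operation parameters exist so the flow can be tested without Snort.
"""
import shutil
import subprocess
from typing import Callable, List

SNORT_DIR = r"d:\winids\snort"
BACKUP_DIR = r"d:\winids\snort-old"
SNORT_EXE = SNORT_DIR + r"\bin\snort.exe"
SNORT_CONF = SNORT_DIR + r"\etc\snort.conf"          # assumed location
PULLEDPORK = ["perl", r"d:\winids\pulledpork\pulledpork.pl",
              "-c", r"d:\winids\pulledpork\etc\pulledpork.conf", "-T"]
SERVICE = "snort"                                     # as in 'net stop snort'
# Files PulledPork rewrites (named in its output); a rollback restores these.
GENERATED = [r"\rules\winids.rules", r"\etc\sid-msg.map"]


def run_cmd(argv: List[str]) -> int:
    """Default runner: execute argv and return its exit status."""
    return subprocess.call(argv)


def update_rules(run: Callable[[List[str]], int] = run_cmd,
                 copytree=shutil.copytree, rmtree=shutil.rmtree,
                 copyfile=shutil.copy2) -> str:
    """Back up, pull rules, test-load them with 'snort -T', then restart the service.

    Returns 'updated', 'restart-failed', or 'rolled-back:<step>' when the
    generated files were restored from the backup and the service was left
    running on the previous rule set.
    """
    rmtree(BACKUP_DIR, ignore_errors=True)
    copytree(SNORT_DIR, BACKUP_DIR)

    def rollback(reason: str) -> str:
        for rel in GENERATED:
            copyfile(BACKUP_DIR + rel, SNORT_DIR + rel)
        return "rolled-back:" + reason

    if run(PULLEDPORK) != 0:
        return rollback("pulledpork")
    # -T makes Snort parse the config and rules and exit. A bad rule fails
    # here, while the service is still up, instead of after 'net stop'.
    if run([SNORT_EXE, "-T", "-c", SNORT_CONF]) != 0:
        return rollback("snort-T")
    run(["net", "stop", SERVICE])
    if run(["net", "start", SERVICE]) != 0:
        return "restart-failed"
    return "updated"


if __name__ == "__main__":
    print(update_rules())
```

Schedule it the same way as the batch file (a daily Scheduled Task running under an account that can stop and start the service), and have the task's output land somewhere you look, because a 'rolled-back' result means the sensor is quietly running yesterday's rules. The backup of the whole snort tree keeps the poster's rd/xcopy behaviour; only the two generated files are copied back on rollback, since the running snort.exe itself lives in that tree and cannot be replaced while the service is up.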
  25. I'm not sure, because this is a custom install. If you follow the guide you will get a working Windows Intrusion Detection System. However, it looks like you have an incompatible version of PHP installed. The Windows Intrusion Detection security console (BASE) ONLY works with PHP 5.x.
  26. Why do I get this error during BASE installation? Do I have something that I missed, or a wrong configuration?? If anyone knows any solution, pls let me know.
      Strict Standards: Declaration of MultipleElementCriteria::SanitizeElement() should be compatible with BaseCriteria::SanitizeElement() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292
      Strict Standards: Declaration of MultipleElementCriteria::PrintForm() should be compatible with BaseCriteria::PrintForm() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292
      Strict Standards: Declaration of MultipleElementCriteria::AddFormItem() should be compatible with BaseCriteria::AddFormItem() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292
      Strict Standards: Declaration of MultipleElementCriteria::SetFormItemCnt() should be compatible with BaseCriteria::SetFormItemCnt() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 292
      Strict Standards: Declaration of ProtocolFieldCriteria::Description() should be compatible with BaseCriteria::Description() in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 337
      Strict Standards: Declaration of TimeCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 932
      Strict Standards: Declaration of IPAddressCriteria::SanitizeElement() should be compatible with MultipleElementCriteria::SanitizeElement($i) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1109
      Strict Standards: Declaration of IPAddressCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1109
      Strict Standards: Declaration of IPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1152
      Strict Standards: Declaration of IPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1152
      Strict Standards: Declaration of TCPPortCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1190
      Strict Standards: Declaration of TCPPortCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1190
      Strict Standards: Declaration of TCPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1234
      Strict Standards: Declaration of TCPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1234
      Strict Standards: Declaration of UDPPortCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1361
      Strict Standards: Declaration of UDPPortCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1361
      Strict Standards: Declaration of UDPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1398
      Strict Standards: Declaration of UDPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1398
      Strict Standards: Declaration of ICMPFieldCriteria::Description() should be compatible with ProtocolFieldCriteria::Description($human_fields) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1438
      Strict Standards: Declaration of ICMPFieldCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1438
      Strict Standards: Declaration of DataCriteria::PrintForm() should be compatible with MultipleElementCriteria::PrintForm($field_list, $blank_field_string, $add_button_string) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php on line 1634
      Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php:1361) in C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_auth.inc.php on line 331
      Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\SnortV2\base-1.4.5\includes\base_state_citems.inc.php:1361) in C:\xampp\htdocs\SnortV2\base-1.4.5\index.php on line 53
  27. The config files look good. It's usually quicker to start fresh.