Morpheus

Administrators
Everything posted by Morpheus

  1. Looks like you ran into a problem installing and moving the IIS server. I'm not sure how this can be fixed as I've never seen the error. You might try reinstalling from scratch and make SURE the command window is in Admin mode before running the move script.
  3. The Error 500 may be related to PHP not getting fully implemented correctly. Try using the URL: http:\\winids\base_main.php
    You might try going back to the below section and checking these two sections?
      Configuring PHP
      Configuring IIS for PHP, and the Windows Intrusion Detection Systems security console
    Note: I just created a new install and have no problem in the section titled: Testing IIS, and the PHP installations
  4. Can you attach your snort.conf as a file? Don't post it in a reply because the editor strips things out.
  5. It appears that Sourcefire has added some items that will need additional configuring in the OS. For now edit the snort.conf to the below:
    Original line(s):
      decompress_swf { deflate lzma } \
    Change to:
      # decompress_swf { deflate lzma } \
    The decompression fault for SWF files requires an additional library (LZMA). I have made a request to the development team to look into this problem, and they are looking into it.
  6. I have no idea where you got that snort.conf because it's not matching the one included in the current rules tarball, which is the one that must be used. You need to go back to the tutorial and start over, as there are numerous omissions in the snort.conf file.
  7. It looks like it's not reading the snort.conf file. I'm guessing you are using something like:
      d:\winids\snort\bin\snort -v -i1
    Try:
      d:\winids\snort\bin\snort -v -c d:\winids\snort\config\snort.config -i1
    The above line may need to be tailored to your specific needs.
    Note: Those WARNING: signs are usually only informational.
  8. Some find it easier to copy and paste the password from the tutorial, or the download page. They are identical passwords.
  9. You need to mirror all the ports to the WinIDS, so you will need a managed switch. You could also connect a "Throwing Star LAN Tap" from greatscottgadgets.com into the connection.
  10. The problem you are having is with the OS. I'm not sure why Visual C++ is failing to install, but it is a requirement of Apache. This is the first time that problem has been reported. You might try a clean install of the OS and give it another try.
  11. I completed a fresh install using Server 2008 R2 and when I perform the test for Barnyard2, I get the below:
      --== Initializing Barnyard2 ==--
      Initializing Input Plugins!
      Initializing Output Plugins!
      Parsing config file "d:\winids\barnyard2\etc\barnyard2.conf"
      +[ Signature Suppress list ]+
      ----------------------------
      +[No entry in Signature Suppress List]+
      ----------------------------
      +[ Signature Suppress list ]+
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      WARNING: invalid Reference spec 'url,'. Ignored
      Barnyard2 spooler: Event cache size set to [32768]
      INFO database: Defaulting Reconnect/Transaction Error limit to 10
      INFO database: Defaulting Reconnect sleep time to 5 second
      ERROR database: postgresql_error: ERROR: operator does not exist: ` integer
      LINE 1: SELECT `ref_system_id`, ref_system_name FROM reference_syste...
      ^
      HINT: No operator matches the given name and argument type(s). You might need to add explicit type casts.
      [CacheSynchronize()]:, SystemCacheSyncronize() call failed.
      ERROR: database [DatabaseInitFinalize()]: CacheSynchronize() call failed ...
      Fatal Error, Quitting..
      Barnyard2 exiting
      database: Closing connection to database "snort"
    Attached is build 336 and it works. Your existing config file will work. I have a note in the Barnyard2 users group about this problem.
    barnyard2-2.1.14-build336.zip
  12. Make sure there is a log folder in the snort folder. This looks odd:
      ERROR: Portscan log file 'log/\portscan.log' could not be opened: No such file or directory.
    Try this:
      preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low } logfile { portscan.log }
  13. Version 2.25

    199 downloads

    SmartSniff is yet another free packet sniffing tool that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. With the help of this network monitoring utility, you can view the TCP/IP conversations in ASCII mode or as hex dump.
  14. Version 2.0.3

    166 downloads

    Wireshark is one of the popular free packet sniffing tools for Windows. This tool can give you an ability to see what’s happening on your network at a microscopic level.
  15. Version 2.0.3

    26 downloads

    Wireshark is one of the popular free packet sniffing tools for Windows. This tool can give you an ability to see what’s happening on your network at a microscopic level.
  16. Version 1.4

    143 downloads

    Microsoft's 64-bit Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic. It is the successor to NetMon 3.x and is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can capture live data or retrieve archived message collections from saved files such as traces and logs. Message Analyzer also enables you to display data in a default tree grid view and in selectable graphical views that employ grids, charts, and timeline visualizer components that provide high-level data summaries and other statistics. Note: I would say it’s a must-have tool for network administrators since there is so much you can do. There is a new TechNet blog dedicated to Microsoft Message Analyzer.
  17. Version 1.4

    17 downloads

    Microsoft's 32-bit Message Analyzer is a new tool for capturing, displaying, and analyzing protocol messaging traffic. It is the successor to NetMon 3.x and is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can capture live data or retrieve archived message collections from saved files such as traces and logs. Message Analyzer also enables you to display data in a default tree grid view and in selectable graphical views that employ grids, charts, and timeline visualizer components that provide high-level data summaries and other statistics. Note: I would say it’s a must-have tool for network administrators since there is so much you can do. There is a new TechNet blog dedicated to Microsoft Message Analyzer.