Morpheus

Everything posted by Morpheus

  1. 1) I was waiting for Sourcefire to update the rule package to 2980 before releasing the updated tutorials. Not sure what is going on, but there seem to be some disagreements between the two divisions that are causing a delay. However, the updated tutorials are now online to fix this. I'm not sure why they pulled 2.9.7.6 from the repository.
     2) I just checked on a new install a few days ago and the paths for Perl were added.
     3) You might want to place an exclusion into McAfee for the signatures folder. That's a strange one...
  2. Yea, that happens sometimes. Cutting and pasting works really well, but being very careful is a must...
  3. Look at line 45 in the snort.conf file. Match line with the tutorial and that should get you to the fix. If problems still exist attach the snort.conf file.
  4. The winids.rules file is associated with Pulledpork.
  5. You need to create the files in the folder. The tutorial had you create them on the initial install. If you deleted the rules folder then you removed the files.
  6. It appears you may only be seeing events from the preprocessors and not the rules. Make SURE you tested the rules after updating, making SURE they were all read in. The number of rules will be in the output from the test.
  7. Not too much data, corrupted data would be the most likely cause.
  8. Did you clear the browser cache? Did you try in a different browser? Did you try cycling compatibility view in IE?
  9. The version of BASE you are using is not supported using any of the Windows Intrusion Detection Systems tutorials.
  10. The location has a 404 error. Ask in the snort users group with a copy of the error. In the interim just hash out the line and it will be bypassed.
  11. Is the file 888.85498046875-black_list.rules in the d:\winids\pulledpork\temp folder? It appears the download location may not be available. You might leave a note in the snort-users group with the error message you are receiving.
  12. Version

    564 downloads

    This is the latest Windows Intrusion Detection Systems (WinIDS) Barnyard2 Software Development Pack that can be used to compile Barnyard2 for Windows. The only reason to be compiling Barnyard2 for an existing Windows Intrusion Detection System (WinIDS) is that the MySQL or PostgreSQL database is being updated.

    Note: It is highly recommended that whatever version of database being compiled into Barnyard2 be the same version of database running on the live Windows Intrusion Detection System (WinIDS).

    The Windows Intrusion Detection System (WinIDS) Barnyard2 Software Development Pack has been password protected.

    Wrapper Password: w1nsn03t.c0m

    Note: It is highly recommended that the SHA-1 value listed below matches the SHA-1 value of the downloaded Windows Intrusion Detection System (WinIDS) Barnyard2 Software Development Pack.

    SHA-1 Hash value: F5EC286595C9913AE8CE3F01AB5AA9F2B987303D

    What's New in Version 1.16.2026
    Updating the compile of Barnyard2 on Windows:
      • More script revisions

    What's New in Version 12.24.2025
    Updating the compile of Barnyard2 on Windows:
      • Updated the scripts

    What's New in Version 11.21.2025
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 18.0 to 18.1

    What's New in Version 10.22.2025
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.43 to 8.0.44

    What's New in Version 10.2.2025
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 17.6 to 18.0

    What's New in Version 8.18.2025
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 17.5 to 17.6

    What's New in Version 7.30.2025
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.42 to 8.0.43

    What's New in Version 5.14.2025
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 17.4 to 17.5

    What's New in Version 4.23.2025
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.41 to 8.0.42

    What's New in Version 2.23.2025
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 17.3 to 17.4

    What's New in Version 2.19.2025
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.40 to 8.0.41
      • PostgreSQL has been updated from 17.2 to 17.3

    What's New in Version 2.5.2025
    Updating the compile of Barnyard2 on Windows:
      • Updated the scripts

    What's New in Version 1.24.2025
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.37 to 8.0.40
      • PostgreSQL has been updated from 16.3 to 17.2

    What's New in Version 5.14.2024
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.36 to 8.0.37
      • PostgreSQL has been updated from 16.2 to 16.3

    What's New in Version 1.22.2024
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.35 to 8.0.36

    What's New in Version 11.18.2023
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 15.5 to 16.1

    What's New in Version 11.7.2023
    Updating the compile of Barnyard2 on Windows:
      • Updated the scripts for step-by-step explanation

    What's New in Version 10.3.2023
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 15.4 to 15.5

    What's New in Version 9.5.2023
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 15.3 to 15.4

    What's New in Version 7.22.2023
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.33 to 8.0.34

    What's New in Version 5.16.2023
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 15.2 to 15.3

    What's New in Version 2.15.2023
    Updating the compile of Barnyard2 on Windows:
      • PostgreSQL has been updated from 10.23 to 15.2

    What's New in Version 1.20.2023
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.30 to 8.0.31

    What's New in Version 11.13.2022
    Updating the compile of Barnyard2 on Windows:
      • MySQL has been updated from 8.0.30 to 8.0.31
      • PostgreSQL has been updated from 10.22 to 10.23

    What's New in Version 8.18.2022
    Updating the compile of Barnyard2 on Windows:
      • The automated system has been updated with menu options
      • MySQL has been updated from 8.0.29 to 8.0.30
      • PostgreSQL has been updated from 10.21 to 10.22

    What's New in Version 6.22.2022
    Updating the compile of Barnyard2 on Windows:
      • The automated system has been updated with menu options
      • MySQL has been updated from 8.0.28 to 8.0.29
      • PostgreSQL has been updated from 10.20 to 10.21

    Kindest Regards,
    Winsnort.com Management
  13. Stop snort, stop Barnyard2, delete all the files in the log folder, from the attached .zip replace the configuration files, and reboot. I'm not sure beyond this. My suggestion, if this doesn't work, is to start over fresh on everything and follow the tutorial. Good luck... files.zip
  14. Everything in the above terminal window is normal for Barnyard2 starting up. The more Barnyard2 is run, the fewer 'Warnings' get displayed, which is normal. It is waiting for events to be logged by Snort. Any events will be displayed in the above window. Are there any files of size in the snort/log folder? Attach your snort.conf and your barnyard2.conf.
  15. It appears there is a networking issue somewhere. I'm unsure what the problem could be. If you have set up the test rules and are still not seeing events in the Windows Intrusion Detection Systems (WinIDS) security console then there is a blockage somewhere? You have a custom install, which makes it difficult to troubleshoot. Scripts need to be converted and a LOT of paths need to be changed. It appears the tutorial is working but it's not detecting network traffic. The test rules will detect all network traffic. If you open the browser and things are happening, that traffic will be logged as an event and sent through to the console.
  16. There could be several reasons why there are no events being displayed.
        • The WinIDS is plugged into a switch and cannot see all the traffic.
        • The HOME_NET is not set correctly.
        • There are actually NO events being triggered.
      If you believe the above are not causing problems, manually add rules to detect on specific packets and log.
  17. I'm out of suggestions? Might try looking for the error through Google and see if something there helps.
  18. It won't hurt to run it again. It could take up to 10 min. to automatically reboot. Don't intervene.
  19. Did you run the modder.vbs file, and allow it to reboot by itself?
  20. Zip up everything in the \inetpub\logs\LogFiles folder and attach.
  21. I only found one small item. I'm not sure because it appears that PHP is working because the test.php file runs as expected. You might try renaming the base folder, extracting the base program using administrator privileges, extracting the signatures to the base folder per the tutorial, and copying the new config to the base folder. base_conf.php
  22. What happens when you type from the URL: http://winids/base_main.php
  23. At this point in the tutorial you should be finished. To test php at this point the test.php file needs to be copied to the d:\winids\inetpub\wwwroot\base\ folder. From the URL type: http://winids/test.php What kind of response are you getting?