Morpheus

Everything posted by Morpheus

  1. Yea, that happens sometimes. Cutting and pasting works really well, but being very careful is a must...
  2. Look at line 45 in the snort.conf file. Match line with the tutorial and that should get you to the fix. If problems still exist attach the snort.conf file.
  3. The winids.rules file is associated with Pulledpork.
  4. You need to create the files in the folder. The tutorial had you create them on the initial install. If you deleted the rules folder then you removed the files.
  5. It appears you may only be seeing events from the preprocessors and not the rules. Make SURE you tested the rules after updating making SURE they were all read in. The number of rules will be in the output from the test.
  6. Not too much data, corrupted data would be the most likely cause.
  7. Did you clear the browser cache? Did you try in a different browser? Did you try cycling compatibility view in IE?
  8. The version of BASE you are using is not supported using any of the Windows Intrusion Detection Systems tutorials.
  9. The location has a 404 error. Ask in the snort users group with a copy of the error. In the interim just hash out the line and it will be bypassed.
  10. Is the file 888.85498046875-black_list.rules in the d:\winids\pulledpork\temp folder? It appears the download location may not be available. You might leave a note in the snort-users group with the error message you are receiving.
  11. Version

    530 downloads

    This is the latest Windows Intrusion Detection Systems (WinIDS) Barnyard2 Software Development Pack that can be used to compile Barnyard2 into an executable from any valid Windows operating system.

    All of the Windows Intrusion Detection Systems (WinIDS) Core Software Packs already come with a compiled version of Barnyard2. Only use the Barnyard2 executable included in the Windows Intrusion Detection Systems (WinIDS) Core Software Pack on the initial install. Using any other version of Barnyard2 during the initial install will, or most likely will, cause the install to fail.

    Barnyard2 is dependent on specific versions of MySQL or PostgreSQL being installed. The main reason to be compiling Barnyard2 for an existing Windows Intrusion Detection System (WinIDS) is that the MySQL or PostgreSQL database is being updated.

    The Windows Intrusion Detection System (WinIDS) Barnyard2 Software Development Pack has been password protected.

    Wrapper Password: w1nsn03t.c0m

    After you have downloaded the Windows Intrusion Detection System (WinIDS) Barnyard2 PostgreSQL Software Development Pack and before you attempt to install it, you should make sure that it is intact and has not been tampered with. Use the SHA-1 Checksums below to verify the integrity.

    SHA-1 Hash value: D02F6DA13C25184BF87FE4DD5C40BF4989CCB6DC

    What's New in Version 06.02.2019

    Updating the compile of Barnyard2 on Windows:

    MySQL has been updated from 8.0.15.0 to 8.0.16.0
    PostgreSQL has been updated from 10.7 to 10.8
    Includes 64bit compiling Barnyard2 compiling process for the new database versions above...

    Kindest Regards,
    Winsnort.com Management
  12. Stop snort, stop Barnyard2, delete all the files in the log folder, from the attached .zip replace the configuration files, and reboot. I'm not sure beyond this. My suggestion, if this doesn't work, is to start over fresh on everything and follow the tutorial. Good luck... files.zip
  13. Everything in the above terminal window is normal for Barnyard2 starting up. The more Barnyard2 is run the fewer 'Warnings' get displayed, which is normal. It is waiting for events to be logged by Snort. Any events will be displayed in the above window. Are there any files of size in the snort/log folder? Attach your snort.conf and your barnyard2.conf.
  14. It appears there is a networking issue somewhere. I'm unsure what the problem could be. If you have set up the test rules and are still not seeing events in the Windows Intrusion Detection Systems (WinIDS) security console then there is a blockage somewhere? You have a custom install which makes it difficult to troubleshoot. Scripts need to be converted and a LOT of paths need to be changed. It appears the tutorial is working but it's not detecting network traffic. The test rules will detect all network traffic. If you open the browser and things are happening, that traffic will be logged as an event and sent through to the console.
  15. There could be several reasons why there are no events being displayed.

    The WinIDS is plugged into a switch and cannot see all the traffic.
    The HOME_NET is not set correctly.
    There are actually NO events being triggered.

    If you believe the above are not causing problems, manually add rules to detect on specific packets and log.
  16. I'm out of suggestions? Might try looking for the error through Google and see if something there helps.
  17. It won't hurt to run it again. It could take up to 10 min. to automatically reboot. Don't intervene.
  18. Did you run the modder.vbs file, and allow it to reboot by itself?
  19. Zip up everything in the \inetpub\logs\LogFiles folder and attach.
  20. I only found one small item. I'm not sure because it appears that PHP is working because the test.php file runs as expected. You might try renaming the base folder, extracting the base program using administrator privileges, extract the signatures to the base folder per the tutorial, and copy the new config to the base folder. base_conf.php
  21. What happens when you type from the URL: http://winids/base_main.php
  22. At this point in the tutorial you should be finished. To test php at this point the test.php file needs to be copied to the d:\winids\inetpub\wwwroot\base\ folder. From the URL type: http://winids/test.php What kind of response are you getting?
  23. The majority of MySQL commands end with a ; Follow the tutorial carefully.