fahmiff

Members
  • Content count

    19

About fahmiff

  • Rank
    Member

Profile Information

  • Country
    Indonesia
  1. I already tried adding that rule to local.rule, but the same error, "ERROR: 1 alerts have NOT found their way into acid_event with sid = 4", still appears.
  2. No, I didn't add that rule to my local.rules file, because that rule is already active in preprocessor.rules in the folder d:\winids\snort\preproc_rules. What I did was configure my snort.config file: I deleted the # on this line and changed the host IP address:

       # ARP spoof detection. For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor
       preprocessor arpspoof
       preprocessor arpspoof_detect_host: 192.168.43.79 f0:0f:00:f0:0f:00

     I generated the alert using Angry IP Scanner to scan the IP address and port address. Thank you so much.
  3. Sorry to bother you all. I'm trying to check ARP spoofing on my WinIDS system, so I activated the preproc rule used to detect ARP spoofing. The rule looks like this:

       alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

     It works: it shows and gives an alert on barnyard2 and Visual Syslog Server. The alert looks like this:

       05/16-13:31:06.553294 [**] [112:4:1] spp_arpspoof: ARP Cache Overwrite Attack [**]

     But the alert doesn't show on BASE; BASE gives an error that looks like this:

       "D:\winids\Apache24\htdocs\base\includes\base_cache.inc.php:776: ERROR: 3 alerts have NOT found their way into acid_event with sid = 4"
       "D:\winids\Apache24\htdocs\base\includes\base_cache.inc.php:521: ERROR: Alert "4 - 9618" could NOT be found in acid_event"

     What should I do to fix the error and make the alert show on BASE? Thank you so much - Fahmi
  4. Thank you, I already made sure that my settings are right like that. Do you have any suggestion for attacker malware software to test the WinIDS system? I already tried attacking using the Beast trojan and my WinIDS system didn't show any alert. Thank you so much for your help.
  5. Thank you, but when I try checking my WinIDS system using Angry IP Scanner, it doesn't give any alert. I tried to IP scan my computer, which has the WinIDS security control installed, using Angry IP Scanner, but WinIDS doesn't give any alert. What should I do to make my IDS detect any attack, especially with ICMP packets? Thank you so much for your help.
  6. Thank you, I already tried that and it works; it gives many UDP and ICMP alerts. So what should I do next? Do I have to delete test.rule from snort.conf? Because it gives thousands of alerts.
  7. Hello everyone, sorry to bother you. I followed the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus on my computer using Windows 10 and it works; I can access 'http://winids' in my browser. But I realized that my WinIDS console doesn't show any alerts for ICMP and UDP packets, so what do I need to do to make the WinIDS security console work with ICMP and UDP packets? Thank you so much.
  8. I already opened the URL, but it shows that port 514 is closed, so after that I adjusted my firewall to allow TCP and UDP for port 514. But after I checked with the port forwarding test, port 514 is still closed. What should I do? Or must I do something with the VSS? Thank you so much, and have a nice day.
  9. Thank you. Now I'm trying to use Visual Syslog Server as you suggested. I followed the tutorial "Installing Logging Events to a Remote Syslog Server" and I got confused at the part about testing the open listening port on the remote syslog server, because I don't know the IP address and port of the Visual Syslog Server. What should I do to find out the IP address and port of the remote syslog server? Thank you. And have a nice day.
  10. Hello everyone, sorry to bother you. Yesterday I followed the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus on my computer using Windows 10 and it works. Then I got confused about how to show logging events in Kiwi Syslog Server from the Windows Intrusion Detection System (WinIDS) that I already installed from the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus. Can someone give me a tutorial on how to make those logging events show in Kiwi Syslog Server without disturbing the existing WinIDS? Thank you so much, and have a nice day.
  11. Thank you so much, it works after I added winids to the hosts file, and now I can access http://winids in my browser. Can you give me any tips on what I must do so the WinIDS security control system works properly? Do I just need to open "http://winids" to check the security of my computer, or do I need to start other things like Snort or MySQL in cmd? Thank you so much, sir Morpheus, and have a great day.
  12. When I try to ping winids in cmd, it can't ping winids because the system can't find the host winids.
  13. Hello everyone, sorry to bother you. Yesterday I followed the tutorial "Installing an Apache2 Web Server logging events to a MySQL Database" by Morpheus on my computer using Windows 10 and it worked; I could access 'http://winids' in my browser. But today I can't access it. I can't even start Apache2.4, and error messages like this always appear. And when I test the barnyard config file, it shows "unknown mysql server host 'winids'". What do I need to do so I can access http://winids again? Thank you so much, and sorry to bother you all.
  14. Thank you so much for your help and information. God bless you, sir.
  15. Sorry, but when I first downloaded it on 9th February, the winids-cssp didn't have the graphing.zip, so I downloaded it again today and it has the graphing.zip. Thank you so much for your help, and sorry to bother you.