PPPOE issue; Snort new rules;
-
Well, I use a PPPoE connection from my ISP. I've configured all the things and they work ^^ maybe by magic or something ;d
Anyway, here is a picture (and log) where it shows that on em1 (WAN cable) I've set another MAC address to use with the ppp interface.
```
$ ifconfig
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
	ether 00:d0:68:xx:xx:xx
	inet 10.8.133.1 netmask 0xffffff00 broadcast 10.8.133.255
	inet6 fe80::2d0:68ff:fe0c:AABB%em0 prefixlen 64 scopeid 0x1
	nd6 options=1<PERFORMNUD>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
	ether 00:13:8f:xx:xx:xx
	inet6 fe80::213:8fff:feXX:AABB%em1 prefixlen 64 scopeid 0x2
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
	ether 00:d0:68:xx:xx:xx
	media: Ethernet autoselect
	status: no carrier
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
	syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100<PROMISC> metric 0 mtu 33192
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
	inet6 fe80::2d0:68ff:fe0c:AABB%pppoe0 prefixlen 64 scopeid 0x8
	inet 213.231.x.x --> 213.231.x.x netmask 0xffffffff
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
```
machine is symantec;
You can see the mistakes here…
On the left side the MAC addr string shows zeroes; the real one (that I've set, 00:13:8f) is gone, and on the right side the type of link is gone too; on the LAN channel it shows 100FD.

OK, now the Snort rules. Add the files from here; it needs only a reg and md5 sum to get the file: https://www.snort.org/account/oinkcode
Subscriber Release
`http://www.snort.org/sub-rules/<filename>/<oinkcode here>`

Registered User Release
`http://www.snort.org/reg-rules/<filename>/<oinkcode here>`

snortrules-snapshot-2931.tar.gz\snortrules-snapshot-2931.tar:
```
etc/
etc/classification.config
etc/gen-msg.map
etc/reference.config
etc/sid-msg.map
etc/snort.conf
etc/threshold.conf
etc/unicode.map
preproc_rules/
preproc_rules/decoder.rules
preproc_rules/preprocessor.rules
preproc_rules/sensitive-data.rules
rules/ many files ^^
so_rules/ more many files ^^
```
-
no one about pppoe ?!?