3. PPPOE issue; Snort new rules;

PPPOE issue; Snort new rules;

  • B

    well i use pppoe connetion from my isp ive configure out all thigs and they works ^^ maybe on magic or something;d

    anyway here is an picture (and log) were shows on em1(wan cable) ive set other macAddr to use it with ppp interface.

    $ ifconfig
em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
	options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:d0:68:xx:xx:xx
	inet 10.8.133.1 netmask 0xffffff00 broadcast 10.8.133.255
	inet6 fe80::2d0:68ff:fe0c:AABB%em0 prefixlen 64 scopeid 0x1 
	nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:13:8f:xx:xx:xx
	inet6 fe80::213:8fff:feXX:AABB%em1 prefixlen 64 scopeid 0x2
	nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em2: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
	options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:d0:68:xx:xx:xx
	media: Ethernet autoselect
	status: no carrier
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
	syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100 <promisc>metric 0 mtu 33192
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 
	nd6 options=3 <performnud,accept_rtadv>pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
	inet6 fe80::2d0:68ff:fe0c:AABB%pppoe0 prefixlen 64 scopeid 0x8 
	inet 213.231.x.x --> 213.231.x.x netmask 0xffffffff 
	nd6 options=3<performnud,accept_rtadv></performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></promisc></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></broadcast,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,promisc,simplex,multicast>


    machine is symantec;
    You can see the mistakes here…
    in the left side there is Mac addr string shows zeroes real (that ive set it is 00:13:8f is gone), and on right side the type of link is gone too on Lan channel show 100FD..

    Ok, now the snort rules. add the files from here needs only a reg and md5 sum to get the file..  https://www.snort.org/account/oinkcode

    Subscriber Release

    http://www.snort.org/sub-rules/<filename>/ <oinkcode here="">Registered User Release

    http://www.snort.org/reg-rules/<filename>/ <oinkcode here="">snortrules-snapshot-2931.tar.gz\snortrules-snapshot-2931.tar:

    
etc/
etc/classification.config
etc/gen-msg.map
etc/reference.config
etc/sid-msg.map
etc/snort.conf
etc/threshold.conf
etc/unicode.map
preproc_rules/
preproc_rules/decoder.rules
preproc_rules/preprocessor.rules
preproc_rules/sensitive-data.rules
rules/
many files ^^
so_rules/
more many files ^^

```</oinkcode></filename></oinkcode></filename>
    0
  • B

    no one about pppoe ?!?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy