Community discussions

MikroTik App
 
omnicron
newbie
Topic Author
Posts: 27
Joined: Wed Dec 29, 2004 9:57 am

Streaming Server with Snort

Tue Jun 17, 2008 12:13 am

I have been trying to figure out how top configure SNORT with the steaming server option in Mikrotik. I guess Mikrotik supports the TZSP format but I can not figure out how to get snort to accept a UDP stream in that format? I have search for the TZSP format option for SNORT and other such things but have found very little information on this. Can anyone shed some light on this?

Ok I figured out I use ./trafr -s | in some way but I dont see how to make snort listen on standard input.


OK GOT IT.

./trafr -s |/usr/sbin/snort -r -

Now I just need to play more with snort..


Thanks

Tim
 
gkoufoud
just joined
Posts: 13
Joined: Tue Apr 15, 2008 11:22 pm

Re: Streaming Server with Snort

Wed Nov 28, 2012 12:47 pm

Hi,
I have developed an IDS/IPS system for RouterOS.
It is here : http://sourceforge.net/projects/mt-fw-attack/

You need a linux machine to compile and run it.
It collects syslog messages from your's routeros device (there are instructions on how to use it) and adds the attackers on an address list which you can use to block them.
:-)
 
User avatar
EMOziko
Member Candidate
Member Candidate
Posts: 129
Joined: Mon Aug 23, 2010 9:42 pm
Location: Georgia

Re: Streaming Server with Snort

Sat Dec 01, 2012 10:33 am

Hi,
I have developed an IDS/IPS system for RouterOS.
It is here : http://sourceforge.net/projects/mt-fw-attack/

You need a linux machine to compile and run it.
It collects syslog messages from your's routeros device (there are instructions on how to use it) and adds the attackers on an address list which you can use to block them.
:-)
Wow, thank you, I will try.
 
nina
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Sat Jan 29, 2011 1:30 am

Re: Streaming Server with Snort

Wed Oct 09, 2013 6:04 pm

Hi

Does somebody tried this mt-fw-attack package? on which linux distro, can somebody help?

Best
 
nina
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Sat Jan 29, 2011 1:30 am

Re: Streaming Server with Snort

Thu Oct 10, 2013 1:06 pm

Got it!Solved!
 
nina
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Sat Jan 29, 2011 1:30 am

Re: Streaming Server with Snort

Thu Oct 10, 2013 5:51 pm

Hi

Does somebody implement this ids/ips system???

i installed everything and put some rules with remote logging option but nothing happen

is this daemon put attacker ip address dynamically on router??

Best
 
nina
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Sat Jan 29, 2011 1:30 am

Re: Streaming Server with Snort

Mon Oct 14, 2013 6:00 pm

Solved!!

Thanks gkoufoud!

Best
 
m94646602
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Thu Oct 03, 2013 5:38 pm

Re: Streaming Server with Snort

Sat Oct 26, 2013 5:27 am

help, cann't see this daemon put attacker ip address on router address list, i can see the attacker ip in the linux syslog.

thanks a lot
 
m94646602
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Thu Oct 03, 2013 5:38 pm

Re: Streaming Server with Snort

Mon Oct 28, 2013 8:32 am

Solved!!

Thanks gkoufoud!

Best

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], Cloudtechiq [Bot], Kuitz, patrikg, xristostsilis and 74 guests