After reading through the link that you shared, I included the time settings into the Snort rule and I am now seeing alerts (the command prompt in Security Onion). Thank you again so much for your help. Without your help and suggestions, I wouldn't have been able to figure out the...
Thank you for your advice and guidance. I have tried using Snort through the command prompt in Security Onion. I will take a look at the rule and will let you know.
Thank you again and have a nice day,
Thank you again. What protocol could I use for the format of the Snort rule? That's the part that I'm stuck on since Snort does not support the ARP protocol. Also, is there a setting for time when writing Snort rules?
Thank you and I value your help a lot.
Have a great day.
In order to write a Snort rule for a man-in-the-middle attack, what protocol can be used for that rule? The reason I'm asking is because the MITM attack for the lab I'm working on depends on ARP poisoning. ARP is one of the protocols that cannot be used in a Snort rule. I've...
Thank you so much again for your help. The Exploitation lab is now working. When I tried Java 7, the attack got stuck at the same point. But when I downloaded Java 6 on the Windows VM, the attack began to work correctly.
I greatly appreciate your guidance. I wouldn't have ever...
Thank you for your help. I have never used Armitage before but once I opened the exploit I see this:
I downloaded the latest version of Java for Windows Server 2016 VM. But I got the same error. It seems that for the "nstreerange" exploit, Java version 7 must be used. When I...
Thank you again for your suggestions. Is there a way to detect a MITM attack (conducted with VMware VMs) with Snort?
Also, can Snort be used for detecting IP spoofing? The professor that I'm doing this project for has a preference for incorporating Snort into the labs that we are...
Hi Drizzit89, Thank you very much for your message. I appreciate it and sorry for this late reply.
I am now using a CentOS 7 router in VirtualBox to send traffic from the local network (containing Kali) to Security Onion (which will be on its own network). If I set up a virtual firewall (as...
I am having trouble performing a man-in-the-middle attack with Kali (as the attacker) and Windows Server 2016 (as the target). Both are VMs in VirtualBox and they are on the same local network (172.16.2.0/24). The instructions of the lab I am following specify to open three separate...
Hi Rob, Thank you. I ran whois and nslookup in Kali and those attacks work. The problem I'm having is detecting them in Security Onion. I installed ELK on CentOS 7 and for another lab (ARP poisoning), I passed the logs from CentOS 7 to Security Onion. I am unsure how I would use an IDS (i.e...
Hi CptCharis, Thank you for this suggestion. I will look into it. Will using bridged networking in VirtualBox work if I am using a wireless internet connection on my host computer?
Thank you again for your time.
I am working with a penetration testing lab environment that uses Kali Linux 2018 VM (as an attacker), CentOS 7 (as a target), Windows Server 2016 (as a target), and Security Onion 2019 (as the Intrusion Detection system). All VMs are in VirtualBox and are on the same local network (I've...