Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th January 2007, 18:06
emurray1122 emurray1122 is offline
Junior Member
 
Join Date: Dec 2006
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default Intrusion Detection with BASE.

Unable to get snort to download. Using wget http://www.snort.org/dl/snort-2.6.1.2.tar.gz

connection refused

Tried the one in the doc same. Tried to browse out to see if the files were there with a different path. . . . connection refused.

Any ideas? I can download with my windows box, burn to CD and then see if that works.

Liz M
Reply With Quote
Sponsored Links
  #2  
Old 9th January 2007, 18:58
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Default

You're using the wrong link. Opening this page in a browser gives
Code:
Oink!! The page you requested doesn't exist.
Try to use:
Reply With Quote
  #3  
Old 9th January 2007, 19:10
emurray1122 emurray1122 is offline
Junior Member
 
Join Date: Dec 2006
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default Tried it -- didn't work

Connection refused

Another thing I noticed was after installing ispconfig, MySQL is showing up on the netstat -tap

Could it be because I've install ISPConfig and it is preventing the connections? I've tried to download several files for this build and can't do it from the server

Last edited by emurray1122; 9th January 2007 at 19:13.
Reply With Quote
  #4  
Old 9th January 2007, 20:10
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Default

Did you enable the firewall? I'm not using Bastille myself (switched to shorewall), but it looks like something is blocked. Any router in between your server and the Internet that may have restrictions?
Reply With Quote
  #5  
Old 9th January 2007, 21:24
emurray1122 emurray1122 is offline
Junior Member
 
Join Date: Dec 2006
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default Firewall

I am able to download the files to my Windows workstation. OK. I moved the server out to the same subnet as my workstation and I'm working. So since I want snort to be able to update from my management subnet, what will I have to put on my firewall?
Reply With Quote
  #6  
Old 10th January 2007, 11:25
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Default

Depends on your policies. Apparently your management LAN is not allowed to access Internet. Probably for good reasons. Either open up port 80 to connect to the internet on your management LAN or define some route. Hard to say without knowing how your user/management LAN and firewalls are designed.
Reply With Quote
  #7  
Old 10th January 2007, 17:08
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by emurray1122
Could it be because I've install ISPConfig and it is preventing the connections? I've tried to download several files for this build and can't do it from the server
No, ISPConfig's firewall blocks only incoming connections, but not outgoing connections.
But if you had another firewall running when you started ISPConfig's firewall, that might be a problem as both firewalls interfere with each other.

What's the output of
Code:
iptables -L
?
Which distribution do you use?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 10th January 2007, 23:13
emurray1122 emurray1122 is offline
Junior Member
 
Join Date: Dec 2006
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default Thanks

OK. Got it going. I read a post you had about changing IP addresses. It was really strange. I made the change and was still able to download files for about an hour. Then all of a sudden it all went away. I had the wrong gateway for the subnet I moved into so was unable to get the files.

Now I'm trying to get the ADOdb file down. for some reason that one was a problem during my last install.

Learning curve straight up!!!
Reply With Quote
  #9  
Old 11th January 2007, 08:58
martinfst martinfst is offline
Senior Member
 
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
 
Default

Quote:
Originally Posted by emurray1122
It was really strange. I made the change and was still able to download files for about an hour.
That could be your arp cache on the client system needed expiring/clearing.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing Your Server With A Host-based Intrusion Detection System radox HOWTO-Related Questions 7 15th October 2006 14:33
Intrusion Detection With Snort kungfuice HOWTO-Related Questions 1 5th October 2006 16:29
Securing Your Server With A Host-based Intrusion Detection System - OSSEC HIDS bruma HOWTO-Related Questions 1 29th September 2006 14:29
Securing Your Server With A Host-based Intrusion Detection System PortMan HOWTO-Related Questions 3 22nd September 2006 13:28
Intrusion Detection With BASE And Snort StupidScript HOWTO-Related Questions 7 12th August 2006 20:02


All times are GMT +2. The time now is 23:57.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.