Snort Installation on pfSense
Step 1: On your Kali machine, open the Firefox browser and enter the IP address of the pfSense machine (mine is 192.168.1.1) to open its web interface. Log in with your pfSense administrative credentials. Go to System > Packages, search for the Snort package, and click the Install button to start the installation.
Screenshot 1
A message appears when the installation is complete.
Screenshot 2
Configuring Rules and Settings to Perform a Port Scan on pfSense
Step 2: Open the official Snort website and create an account.
Screenshot 3
Click on your profile, look for your Oinkcode, and copy it.
Screenshot 4
Step 3: Open the Snort global settings: click Services → Snort → Global Settings tab.
Under the Global Settings tab, review the configuration. Set up the rules for the interfaces, paste the copied Oinkcode into the Oinkcode master section, configure the remaining settings as shown in the screenshot, and then save the changes.
Some key aspects to consider are shown in the image:
[unreadable]
Screenshot 5
Step 4: Click the Snort Interfaces tab to add a WAN interface. Configure the WAN interface (alert settings, detection settings, general settings, etc.), then save the changes.
Screenshot 6
Now add the LAN interface, set it up as shown in the image, and save the changes.
Screenshot 7
Step 5: Click Snort Interfaces; you will see the two recently added interfaces, LAN and WAN.
Now click the enable button to enable both interfaces.
Screenshot 8
Now click the Update tab and update the rules.
Screenshot 9
Step 6: Open a terminal window on your Kali machine and start port scanning pfSense.
[unreadable]
Screenshot 10
Go to Status > System Logs. Use the filter option (dropdown menu or search bar) to display only logs originating from Snort. Analyze the logs for entries indicating potential port scans.
Snort logs will provide details about the detected port scan attempt, including source IP, destination IP (your pfSense VM), protocol used, and ports scanned.
Screenshot 11
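The log review described above, as an added example that is not part of the original write-up: it parses Snort alert lines in the syslog-style "fast" layout and lists, per source and destination pair, the distinct destination ports seen. The log lines are constructed samples, and the function names and the min_ports threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog-style layout of Snort "fast" alerts.
# Hosts other than 192.168.1.1, PIDs, SIDs and messages are made up.
SAMPLE_LOG = """\
Mar 15 10:12:01 pfSense snort[4242]: [1:1000001:1] LAB inbound SYN [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.100:40001 -> 192.168.1.1:21
Mar 15 10:12:01 pfSense snort[4242]: [1:1000001:1] LAB inbound SYN [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.100:40001 -> 192.168.1.1:22
Mar 15 10:12:02 pfSense snort[4242]: [1:1000001:1] LAB inbound SYN [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.100:40002 -> 192.168.1.1:80
Mar 15 10:12:02 pfSense snort[4242]: [1:1000001:1] LAB inbound SYN [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.100:40002 -> 192.168.1.1:443
Mar 15 10:12:05 pfSense snort[4242]: [122:1:1] (portscan) TCP Portscan [Priority: 3] {PROTO:255} 192.168.1.77 -> 192.168.1.1
Mar 15 10:13:10 pfSense snort[4242]: [1:1000002:1] LAB web request [Priority: 3] {TCP} 192.168.1.50:51000 -> 192.168.1.1:443
Mar 15 10:13:11 pfSense sshd[311]: unrelated line that is not a Snort alert
"""

# [gid:sid:rev] message [Classification: ...] [Priority: n] {proto} src[:port] -> dst[:port]
# Classification and the ports are optional: portscan preprocessor alerts carry no ports.
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>[^}]+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

def parse_alerts(text):
    """Return one dict per Snort alert line; non-Snort lines are skipped."""
    matches = (ALERT_RE.search(line) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def scan_suspects(alerts, min_ports=3):
    """Map (src, dst) -> sorted distinct destination ports for pairs that hit
    at least min_ports ports or raised a portscan preprocessor (GID 122) alert."""
    ports = defaultdict(set)
    flagged = set()
    for a in alerts:
        key = (a["src"], a["dst"])
        seen = ports[key]              # creates the entry even when no port is logged
        if a["dport"]:
            seen.add(int(a["dport"]))
        if a["gid"] == "122":
            flagged.add(key)
    return {k: sorted(v) for k, v in ports.items()
            if len(v) >= min_ports or k in flagged}

if __name__ == "__main__":
    for (src, dst), hit in scan_suspects(parse_alerts(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {len(hit)} ports {hit}")
```

A source that triggers a single alert on one port (192.168.1.50 in the sample) is not reported, which keeps ordinary traffic out of the summary.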
Snort Configuration and Testing Steps
1. Snort Installation:
• Visited the pfSense web console at [the IP of pfSense VM] (Specify actual IP here).
• Logged in once the pfSense credentials had been set up.
• Visited the System tab and selected Packages.
• Installed the required "snort" package.
• Screenshot 1: This image illustrates the installation stage of the Snort setup process, with the Snort package highlighted for installation.
2. Snort Configuration:
• Accessed Services > Snort and the Global Settings section.
• Reviewed and, if necessary, adjusted some configuration options (video and documentation for individual configuration settings are detailed later in this same document).
- Screenshot 5: This screenshot shows the ‘Global Settings’ page with the relevant configurations applied.
- Practiced configuring Snort to counteract port scans. Added specific rule categories or rules that are able to differentiate the bridge activities from those with a malicious purpose.
- This screenshot demonstrates the setting of Snort rules for port scan detection (the particular rules or categories shown may differ).
3. Snort Interface Configuration:
- Specified the WAN and/or LAN network interfaces in the “Interface snort tab”.
- Screenshots 6 and 7: These screenshots show the configuration settings used when adding a new interface to Snort with the desired settings.
4. Enabling Snort Interfaces:
- Screenshot 8: This picture shows the Snort rule activation on the WAN and LAN sides.
5. Updating Snort Rules:
- Updated the changes made on both interfaces.
- Screenshot 9: This image shows that the Snort rule files were updated successfully.
6. Testing Snort Functionality (Controlled Environment):
- Screenshot 10: Demonstrates the process and result of the port scan on pfSense.
Verifying Snort Detection:
- On the pfSense VM, accessed Status > System Logs.
- Filtered logs to display entries only from Snort.
- Screenshot 11: Provides information about the Snort logs.
- This screenshot displays the Snort logs with entries highlighting the detected GVM scan.
Lessons Learned and Issues Encountered
• The lab reminded us of the vital role that intrusion detection systems play in detecting and logging unusual network behavior.
• Efficient tuning of Snort rules relies on a firm grasp of the network's traffic patterns and the threats that may exist in it. Consulting the documentation or experienced IT professionals can shorten the configuration process.
• Snort provides many rule sets and customization options that can be tailored to user requirements. These options can be very useful for improving the system, but they demand deep knowledge of it.
Preventing Installation Issues:
No issues were encountered while installing Snort.
Hardening Methods and Scan Detection
From the point lack of synchronized leader is considered an inherent downside in democratic procedures. Some tuned rules detected the port scanning attempts, along with traffic already known for exploits or data scanning. By reviewing the Snort logs, we check whether the scanning during the full GVM scan from Kali Linux was detected.
The Snort lab demonstrated an ability to strengthen overall network security by acting quickly to resume normal operations after intercepting activity identified as unusual or suspicious. Monitoring procedures should always be in place, with scheduled rule updates, to stay ahead of changes in the constantly shifting security landscape.