requirements

getting started

  • install docker on your host machine
  • clone this repo: git clone https://github.com/bmedicke/snort-demo.git && cd snort-demo
  • build the containers: docker-compose build
  • start the containers: docker-compose up
  • source the aliases on the host for easier management: source alias
  • use the red and blue aliases to connect to the respective host

blue host

  • edit snort.conf to your heart's content (skip to the end of the file for the demo rules)
    • note: you can do this outside of the container
  • run snort via snort -c /etc/snort/snort.conf -A console or the s alias
  • for the SSH dictionary attack:
    • change your root password with passwd
    • start the ssh server in a new tmux pane: /usr/sbin/sshd -D

red host

  • start probing the blue host and see what happens
  • things to try:
    • ping -c1 blue: send a single ping probe
    • nmap -sV blue: version detection scan
    • hydra -l root -P 500-worst-passwords.txt blue ssh: ssh dictionary attack
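The three probes above each leave a distinct footprint the blue host can alert on. The rules below are an added example written for this README, not the demo rules shipped in the repo's snort.conf; they assume Snort 2.x syntax, that $HOME_NET in snort.conf covers the blue host, and that sids 1000001-1000003 are unused. Append them to the end of snort.conf (where the README keeps its demo rules) or to a rules file that snort.conf includes.

```snort
# Added example rules for the snort-demo lab (assumption: Snort 2.x, $HOME_NET = blue).
# Sids of 1000000 and above are the range reserved for locally written rules.

# 1. ping -c1 blue: a single ICMP echo request (itype 8) aimed at the blue host.
alert icmp any any -> $HOME_NET any (msg:"DEMO ICMP echo request (ping probe)"; itype:8; sid:1000001; rev:1;)

# 2. nmap -sV blue: once a port answers, version detection sends generic service
#    probes. One of them is a bare HTTP/1.0 request with no Host header; seeing
#    it on any port (not only 80) is what makes it worth an alert. depth:18 keeps
#    the match anchored to the very start of the payload.
alert tcp any any -> $HOME_NET any (msg:"DEMO nmap version-scan HTTP GetRequest probe"; flow:to_server,established; content:"GET / HTTP/1.0|0D 0A 0D 0A|"; depth:18; sid:1000002; rev:1;)

# 3. hydra ... blue ssh: a dictionary attack opens many TCP connections to port 22
#    in a short time, so count SYNs per source. detection_filter suppresses the
#    alert until the threshold is crossed, so a single interactive ssh login from
#    red stays silent while the hydra run does not. The 10-per-30s threshold is
#    an assumption; tune it to the lab.
alert tcp any any -> $HOME_NET 22 (msg:"DEMO possible SSH dictionary attack (10+ connections in 30s from one source)"; flow:to_server; flags:S; detection_filter:track by_src, count 10, seconds 30; sid:1000003; rev:1;)
```

Validate the configuration before the demo with snort -c /etc/snort/snort.conf -T (test mode parses the rules and exits), then run it with -A console as above so the alerts print in the blue tmux pane while the red host probes.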

slides

recommended talks