面对生活中的手机、电脑网络监控,很多人都是束手无策的,只不过雁过留声风过留痕,黑客路过就会留下入侵痕迹,比如手机没玩的时候,流量异常的增多,并且一直和某一个IP地址通信很频繁,可能是黑客正在下载手机上的图片,然而这些都是行为日志,只需要记录家庭路由器上所有的流量,便可以筛选出黑客的IP地址,snort3入侵检测系统是从威胁的角度出发,对流量进行异常检测,个人注册的有19000多条规则~
ailx10
1952 次咨询
4.9
网络安全优秀回答者
互联网行业 安全攻防员
去咨询
1、安装 PulledWork
sudo https://zhida.zhihu.com/search?content_id=217649125&content_type=Article&match_order=1&q=apt-get&zhida_source=entity install -y libcrypt-ssleay-perl liblwp-useragent-determined-perl
wget https://github.com/shirkdog/pulledpork/archive/master.tar.gz -O pulledpork-master.tar.gz
tar xzvf pulledpork-master.tar.gz
sudo cp pulledpork.pl /usr/local/bin
sudo chmod +x /usr/local/bin/pulledpork.pl
sudo mkdir /usr/local/etc/pulledpork
sudo cp etc/*.conf /usr/local/etc/pulledpork2、验证 PulledPork
/usr/local/bin/pulledpork.pl -V3、编辑 pulledpork.conf
sudo vim /usr/local/etc/pulledpork/pulledpork.conf
rule_url=https://www.snort.org/rules/|snortrules-snapshot-31210.tar.gz|<yourself_oinkcode>
rule_path=/usr/local/etc/rules/snort.rules
local_rules=/usr/local/etc/rules/local.rules
sid_msg_version=2
sorule_path=/usr/local/etc/so_rules/
distro=Ubuntu-18-4
block_list=/usr/local/etc/lists/default.blocklist
IPRVersion=/usr/local/etc/lists
pid_path=/var/log/snort/snort.pid
ips_policy=security4、运行pulledpork.pl
sudo /usr/local/bin/pulledpork.pl -c /usr/local/etc/pulledpork/pulledpork.conf -l -P -E -H SIGHUP5、修改snort.lua
include = RULE_PATH .. "/snort.rules",6、检验规则,19000+条规则
snort -c /usr/local/etc/snort/snort.lua
7、修改保护范围
/usr/local/etc/snort/snort.lua
HOME_NET = '192.168.0.107'8、运行snort3
9、投递木马
msfvenom
10、监控成功
msfconsole
发布于 2022-11-13 10:36・IP 属地江苏