- install docker on your host machine
- clone this repo
  `git clone https://github.com/bmedicke/snort-demo.git && cd snort-demo`
  (note: `git clone`, not `git pull`; `git pull` only works inside an existing checkout)
- build the containers:
  `docker-compose build`
- start the containers:
  `docker-compose up`
- source the aliases on the host for easier management:
  `source alias`
- use the `red` and `blue` aliases to connect to the respective host
- edit `snort.conf` to your heart's content (skip to the end of the file for the demo rules). Note: you can do this outside of the container
- run snort via `snort -c /etc/snort/snort.conf -A console` or the `s` alias (`-A console` prints alerts to the terminal)
- run snort in inline mode via `snort -c /etc/snort/snort_ips.conf -A console -v -C -k none` or the `svi` alias (`-v` is verbose packet output, `-C` prints payloads as characters only, `-k none` disables checksum verification so packets with bad checksums, e.g. from the container's virtual NIC offloading, are still inspected)
- start probing the blue host and see what happens
- things to try (each has an alias on the red host):
  - `a1`: `nmap -sV blue` (version detection scan)
  - `a2`: `ping -c1 blue` (send a single ping probe)
  - `a3`: `curl -i -L http://blue/pm.php` (GET request for pm.php)
  - `a4`: `curl -i -L http://blue -X POST` (HTTP POST request)
  - `a5`: `hydra -l root -P /500-worst-passwords.txt blue mysql` (brute-force the MySQL root password with a wordlist)
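The demo rules live at the end of `snort.conf`; as an added example (not the repo's own rules), here is one rule per probe in the list above, so you can see each alias light up on the console. They use `any` on both sides because the lab's `HOME_NET`/`EXTERNAL_NET` definitions are not shown here, and SIDs in the local range (1000000 and up). Append them to `snort.conf` (or `snort_ips.conf`) and restart snort.

```snort
# Added example rules, not from the snort-demo repo. "any" is used instead of
# $HOME_NET/$EXTERNAL_NET because the lab's values are not given here.
# SIDs >= 1000000 are reserved for local rules and will not clash with rulesets.

# a2: a single ICMP echo request (ping -c1 blue)
alert icmp any any -> any any (msg:"DEMO ICMP echo request"; itype:8; sid:1000001; rev:1;)

# a1: crude scan heuristic for nmap -sV: 20 or more TCP SYNs from one source within 5 s
alert tcp any any -> any any (msg:"DEMO possible port/version scan (SYN burst)"; flags:S; detection_filter:track by_src, count 20, seconds 5; sid:1000002; rev:1;)

# a3: GET for pm.php (http_uri needs the http_inspect preprocessor, enabled in the default snort.conf)
alert tcp any any -> any 80 (msg:"DEMO request for pm.php"; flow:to_server,established; content:"/pm.php"; http_uri; nocase; sid:1000003; rev:1;)

# a4: any HTTP POST to the web server
alert tcp any any -> any 80 (msg:"DEMO HTTP POST"; flow:to_server,established; content:"POST"; http_method; sid:1000004; rev:1;)

# a5: burst of new MySQL connections from one source. A failed MySQL login ends the
# connection, so every hydra guess starts a new one; 10 in a minute is a strong hint.
alert tcp any any -> any 3306 (msg:"DEMO MySQL connection burst (possible brute force)"; flags:S; detection_filter:track by_src, count 10, seconds 60; sid:1000005; rev:1;)
```

The `detection_filter` keyword makes the rule silent until the count is reached within the window, which is what keeps a single legitimate connection from alerting. When snort runs inline (the `svi` invocation), replacing `alert` with `drop` on a rule blocks the matching packet; in the passive `s` invocation a `drop` rule only alerts, so test the rules passively first and switch the ones you want enforced afterwards.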