Lab 10

All documentation is written in markdown format

Snort Logging LetMeCry Exploit Alerts

  1. Log in to pfSense - 172.16.20.250
  2. Accept agreement
  3. Install Snort
    1. System → Package Manager → Available Packages
    2. Search for Snort
    3. Install Snort
    4. Confirm
  4. Add Snort interface
    1. Services → Snort → Interfaces
    2. Add
    3. SUBSCRN
    4. Check "Send Alerts to System Log"
  5. Services → Snort → Edit Interface SUBSCRN
    1. Custom rule

       ```
       alert tcp any any -> 172.16.10.100 80 (msg: "LetMeCry Exploit"; content: "GET"; content:"%3A%3A%28%29x0001%5E%28%3A%3A%29%28xFFFF%29"; sid: 12345;)
       ```
  6. Wait a minute or two for the green check
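
Because step 4 sends alerts to the system log, the rule can be verified by pulling its alerts back out of that log. The script below is an added example, not part of the original lab: it filters log text for sid 12345 and summarizes hits per source. The alert line layout is assumed to be Snort 2's usual syslog format, and the sample log lines are constructed.

```python
import re

# Assumed Snort 2 syslog alert layout (not shown in the lab notes):
#   ... snort[pid]: [gid:sid:rev] msg [Classification: x] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"snort\[\d+\]:\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
RULE_SID = 12345  # sid of the lab's custom rule

# Constructed sample lines: timestamps, hostname, PIDs and source IPs are made up.
SAMPLE_LOG = """\
Mar  3 14:02:11 pfSense snort[23456]: [1:12345:0] LetMeCry Exploit [Priority: 0] {TCP} 172.16.20.15:49822 -> 172.16.10.100:80
Mar  3 14:02:40 pfSense snort[23456]: [1:12345:0] LetMeCry Exploit [Priority: 0] {TCP} 172.16.20.15:49830 -> 172.16.10.100:80
Mar  3 14:03:05 pfSense snort[23456]: [1:1000001:1] Constructed unrelated alert [Classification: Misc activity] [Priority: 3] {TCP} 172.16.20.15:49831 -> 172.16.10.100:80
Mar  3 14:03:10 pfSense php-fpm[345]: /index.php: Successful login for user 'admin' from: 172.16.20.15
Mar  3 14:05:57 pfSense snort[23456]: [1:12345:0] LetMeCry Exploit [Priority: 0] {TCP} 172.16.20.22:50112 -> 172.16.10.100:80
"""

def parse_alerts(text, sid=RULE_SID):
    """Return one dict per Snort alert line whose sid matches the lab rule."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m and int(m["sid"]) == sid:
            alert = m.groupdict()
            alert["timestamp"] = line[:15]  # classic BSD syslog timestamp prefix
            alerts.append(alert)
    return alerts

def summarize(alerts):
    """Per source IP: number of alerts plus first and last timestamp seen."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(a["src"], {"count": 0, "first": a["timestamp"]})
        entry["count"] += 1
        entry["last"] = a["timestamp"]
    return summary

if __name__ == "__main__":
    hits = parse_alerts(SAMPLE_LOG)
    for src, info in summarize(hits).items():
        print(f"{src}: {info['count']} alert(s), {info['first']} .. {info['last']}")
```

To run it against real data, pass the text of an exported system log to `parse_alerts` in place of `SAMPLE_LOG`.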