Intruder Help File
Minimum Hardware:
Cpu: PII 233
Hdd: 1 GB
Mem: 64 MB
Compatibility: All
Setting Logging details

Listen on Ethernet: By default Intruder starts listening to network traffic on the Ethernet interface eth0. Many people run Intruder on multi-interface machines, so it is possible to start Intruder listening on some other interface.
Alert Type: Alert modes set the level of detail included with the alert data.
- Full alert mode: This is the default alert mode. It prints the alert message together with the packet header, so additional information from the packet header is logged with each alert: the Time to Live (TTL) value in the IP header, the Type Of Service (TOS) value in the IP header, the IP header length (shown as IpLen:20), the total IP packet length (shown as DgmLen:60), the ICMP type field, the ICMP code value, the IP packet ID, the sequence number, and the ICMP packet type, which is ECHO in the example.
- Fast alert mode: Logs the alert with the following information: timestamp, alert message (configurable through rules), source and destination IP addresses, and source and destination ports.
- Console alert mode: Sends "fast-style" alerts to the console (screen).
- cmg alert mode: Generates "cmg style" alerts.
- None alert mode: Completely disables Intruder alerts. This option is very useful for high speed intrusion detection using unified logging.
Log Link Layer: Dump the raw packet data starting at the link layer.
Print Receiving Interface: Prints the receiving interface name in alerts.
Dump Raw Packets: Dump the raw packet data starting at the link layer.
Change Timestamp: Changes the timestamp in all logs to UTC.
Reduce Spoofing: Reduces the amount of spoofing that may be done against Intruder.
Default Network setup

Monitor your network using policy-based IDS.
Lan IP: Designates the local IP addresses/subnets. Multiple subnets may be entered, separated by a space.
Wan IP: Designates all IP addresses/subnets other than those of your Lan. It may be written as 0.0.0.0/0 (any address), or in terms of the Lan IP as in the picture: !192.168.1.0/24, which means NOT 192.168.1.0/24.
Http Port: Designates the port(s) on which your web server runs on your local network. If no ports are entered, Intruder listens on port 80. Multiple ports may be entered, separated by a space. The Http option must be selected.
Dns: Monitors DNS activity on your local network. Default port is 53.
Http: Used in conjunction with Http_port. Monitors your web server(s) within your local network.
Smtp: Monitors your email server(s) within your local network. Default port is 25.
Sql: Monitors SQL requests on your local network running on ports 139, 445, 1433 and 1434.
Snmp: SNMP related packets will be logged and shown. Default ports are 161 and 162.
Telnet: Port number 23 is used in the rule, which means that the rule is applied to TCP traffic coming from port 23. The rule checks only responses from Telnet servers, not the requests.
Note: Some options in the rule sets may be unavailable. If so, select the appropriate option in the Network window as shown above.
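As an added example (not code from the Intruder help file), the following Python models how the Lan IP, Wan IP and Http Port fields above are read: space-separated subnets, a leading "!" meaning NOT, and an empty Http Port field falling back to port 80, then uses them to decide which rule sets would look at a packet. The function names, the matching rules and the sample host addresses are assumptions constructed for illustration.

```python
import ipaddress
# Added example, not code from the Intruder help file: models the Lan IP, Wan IP and
# Http Port fields as the help text describes them. Names and matching rules are assumed.

def parse_networks(spec):
    """Split a space-separated field into (negated, network) pairs.
    '!192.168.1.0/24' means NOT 192.168.1.0/24; '0.0.0.0/0' means any address."""
    entries = []
    for token in spec.split():
        negated = token.startswith("!")
        entries.append((negated, ipaddress.ip_network(token.lstrip("!"), strict=False)))
    return entries

def address_matches(addr, spec):
    """True if addr is covered by spec: inside at least one positive entry (when
    any exist) and outside every negated entry. An empty field matches nothing."""
    entries = parse_networks(spec)
    if not entries:
        return False
    ip = ipaddress.ip_address(addr)
    positives = [net for neg, net in entries if not neg]
    negatives = [net for neg, net in entries if neg]
    if positives and not any(ip in net for net in positives):
        return False
    return not any(ip in net for net in negatives)

def parse_http_ports(spec, default=80):
    """Space-separated port list; an empty Http Port field means port 80."""
    ports = [int(tok) for tok in spec.split()] or [default]
    for port in ports:
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
    return ports

def classify(lan, wan, http_ports, src, sport, dst, dport):
    """Rule sets from the help file that would look at this TCP packet: 'http' for
    Wan-to-Lan traffic on a web-server port, 'telnet' only for replies leaving a
    Lan Telnet server from port 23 (requests are not checked)."""
    labels = set()
    if (address_matches(src, wan) and address_matches(dst, lan)
            and dport in parse_http_ports(http_ports)):
        labels.add("http")
    if address_matches(src, lan) and sport == 23:
        labels.add("telnet")
    return labels

if __name__ == "__main__":
    LAN, WAN = "192.168.1.0/24", "!192.168.1.0/24"  # values shown in the help file
    print(classify(LAN, WAN, "", "203.0.113.5", 40000, "192.168.1.10", 80))   # {'http'}, constructed hosts
    print(classify(LAN, WAN, "", "192.168.1.10", 23, "203.0.113.5", 40000))  # {'telnet'}
```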