JIB Posted May 12, 2019

Hello,

I am working with a penetration testing lab environment that uses Kali Linux 2018 VM (as an attacker), CentOS 7 (as a target), Windows Server 2016 (as a target), and Security Onion 2019 (as the Intrusion Detection system). All VMs are in VirtualBox and are on the same local network.

I am looking to test out some footprinting commands like "whois", "nslookup", and "traceroute". For example, I am using Kali to issue commands like "nslookup www.google.com" and "traceroute www.google.com". My goal is to receive alerts in Security Onion tools (like Sguil, Squert, Kibana) to detect those footprinting commands from Kali. I am not sure why I am unable to do that. I believe it is because Security Onion cannot see the commands being issued, because they are gathering information from websites. In VirtualBox, I am using a NAT adapter for both Kali and Security Onion. I am able to successfully perform the attacks in Kali but cannot detect them in Security Onion (attacks like nslookup and traceroute, just to name a couple of them).

Another lab I'm doing involves using hping3 to conduct IP spoofing. The attack is tracked using Wireshark, but I'm having trouble detecting it in Security Onion. I have tried loading a Snort rule into the "downloaded.rules" file in Sec. Onion (ran "rule-update" to do that). But each time I've tried, I don't see any alerts in Security Onion tools like Sguil or Squert. I thought that since all VMs are on the local network (and the lab does not rely on the Internet), there would be a greater chance to detect the IP spoofing (hping3) attack??

I would appreciate any suggestions/help with these problems. I am stuck as to how to solve them.

Thank you in advance!
Jacob