Intrusion Detection Using IDS Tool Like SNORT

Dear IPVM members,

Cheers! I need a suggestion for my project (it may be interesting for you as well). I have a few cameras in our lab which are exposed to the external public. With the correct IP and port, you land on the camera's login page. At the same time, we are collecting pcap files using tcpdump. Eventually, we will have a lot of pcap files for offline analysis, to find out a few important details:

1. Is anyone trying to brute-force / guess passwords to log in to the cameras?

2. These cameras should not be accessed (except from certain public IPs on our whitelist). Monitor who is visiting, from where, etc., in a log file or CSV file.

I am using Snort in IDS mode to analyse the pcap files (offline) with a few rules. I am using the Security Onion distro for this, which has Snort and other useful tools installed, to make this easier.

So, has anyone done similar things? I will be grateful if you share the best practice, or what to do / what not to do.

For example: move each day's (date-wise) pcap files from the master folder into a sub-folder. Snort will use (automatically or manually) this folder's data as its input pcap files, etc.

Any thoughts welcome :)

Thanks

Chandra
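One way to put the two questions above into a Snort offline run, as an added example that is not part of the original post and not code from Security Onion or the Snort project. It uses Snort 2.9 rule syntax (what Security Onion shipped with Snort at the time; Snort 3 replaces ipvar with Lua variables). The camera addresses, the whitelisted public range, the camera login URI, the sensor's snort.conf path and the tcpdump file-name convention are all assumptions to be replaced with the lab's real values:

```shell
#!/bin/sh
# Added example, not code from the original post or from Security Onion.
# Offline Snort 2.9 run over one day's pcap sub-folder, with one rule for each
# question in the post. Every address, URI and path below is an assumption to
# be replaced with the lab's real values.

CAMERA_NET='[192.0.2.10,192.0.2.11]'   # assumed: the lab cameras
ALLOWED_SRC='[203.0.113.0/24]'         # assumed: the whitelisted public IPs
LOGIN_URI='/login'                     # assumed: check the camera's real login URI in a capture
SNORT_CONF='/etc/nsm/sensor1-eth1/snort.conf'   # assumed: Security Onion's sensor config

# Rule 1: any TCP connection attempt (SYN) to a camera from outside the
# whitelist, i.e. "who is visiting, from where". Rule 2: 10 or more login
# POSTs from one source address within 60 s; detection_filter keeps a single
# mistyped password quiet and only alerts at brute-force rates. Rule 2 only
# sees cleartext HTTP on port 80; behind TLS (443) only rule 1 can fire.
camera_rules() {
  cat <<EOF
ipvar CAMERA_NET $CAMERA_NET
ipvar ALLOWED_SRC $ALLOWED_SRC

alert tcp !\$ALLOWED_SRC any -> \$CAMERA_NET [80,443] (msg:"CAM access from non-whitelisted source"; flow:to_server,stateless; flags:S; sid:1000001; rev:1;)

alert tcp any any -> \$CAMERA_NET 80 (msg:"CAM possible login brute force"; flow:to_server,established; content:"POST"; http_method; content:"$LOGIN_URI"; http_uri; detection_filter:track by_src, count 10, seconds 60; sid:1000002; rev:1;)
EOF
}

# Wrap the sensor's snort.conf (for the http_inspect preprocessor the second
# rule relies on), add a CSV alert file and our rules. alert_csv writes a
# relative file name into the -l log directory.
write_config() {   # $1 = main snort.conf, $2 = rules file
  cat <<EOF
include $1
output alert_csv: alert.csv timestamp,msg,src,srcport,dst,dstport
include $2
EOF
}

# Day (YYYY-MM-DD) from a capture name written by
#   tcpdump -i eth1 -G 3600 -w 'cam-%Y-%m-%d-%H%M.pcap'   (assumed convention)
day_of() {
  f=${1##*/}                                        # drop the directory
  f=${f#cam-}                                       # drop the prefix
  printf '%s\n' "${f%%-[0-9][0-9][0-9][0-9].pcap}"  # drop -HHMM.pcap
}

# Move every capture in the master folder into a per-day sub-folder.
sort_pcaps() {     # $1 = master folder, $2 = destination root
  for p in "$1"/cam-*.pcap; do
    [ -f "$p" ] || continue
    d="$2/$(day_of "$p")"
    mkdir -p "$d" && mv "$p" "$d/"
  done
}

# Run Snort read-only over one day's folder. -k none skips checksum
# verification; without it, packets captured from a NIC with checksum
# offloading carry bad checksums and Snort does not inspect them, so the
# rules never see them. --pcap-show lists each file as it is read.
run_day() {        # $1 = one day's pcap folder, $2 = output folder
  mkdir -p "$2"
  camera_rules > "$2/camera.rules"
  write_config "$SNORT_CONF" "$2/camera.rules" > "$2/offline.conf"
  snort -q -k none -c "$2/offline.conf" -l "$2" \
        --pcap-dir "$1" --pcap-filter '*.pcap' --pcap-show
}

# Usage: sh cam_ids.sh /data/pcaps /var/log/cam-ids 2016-03-14
if [ "$#" -eq 3 ]; then
  sort_pcaps "$1" "$1"
  run_day "$1/$3" "$2/$3"
fi
```

After a run, alert.csv in the day's output folder is the "who visited, from where" record the post asks for, and the brute-force hits carry sid 1000002. The 10-in-60-seconds threshold and the whitelist are the tuning knobs; detection_filter counts per source address, so a slow guess or one spread over many addresses that each stay under the threshold is not flagged, and the SYN rule is the one to read for that.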
