I can't find the answers to 3 and 4 on IDS Basic 1.2

Hey, I've been doing this lab for the last 3 days and I can’t complete it. I keep getting stuck and I don’t know how to solve/get tasks 3 and 4. I got 1 and 2 done.

Hey there - have you made it to the end of Part 2? You will get the answers to questions 3 and 4 by completing the last two steps.

If you’re getting stuck before that, please provide the Part / Step number, a description of the issue, and a screenshot.

I have, but I think I am not doing it correctly or it's not showing itself.

I’m in sort of the same spot. I have the answer for the first 3. The 4th question wants a 3 digit number but I got a zero last night and a 5 today. My nano and Snort commands are correct.

Step 36 will give you the answer to #3. It will be a 5 digit number at the end of the statement that shows up.

In the screenshot you provided in another topic, your FTP rule is wrong:

You have alert tcp any 80 -> any 21

Should be alert tcp any any -> any 21

I think the alert tcp any 80 -> is from earlier in the lab when there were two web traffic rules.

We’ve updated the instructions to make the required changes clearer.

I had this too. Steps 36 and 37 returned no results. I removed the word detected from the grep as it isn't in the event/alert name when you look at the output without any filtering with grep. It looks like an error with the event name not matching what grep is searching for.
The error was mine! A typo in the Local.rules!

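Added example, not part of any post above and not the lab's own material: a small Python check that models the two failure modes reported in this thread, a source port of 80 in the FTP rule header and a typo in the rule's msg text that makes a grep filter return nothing. The msg strings, sid values, the client port 49152 and all function names are constructed for illustration.

```python
import re

def parse_rule(rule):
    """Split a one-line Snort rule into its 7 header fields plus the msg option."""
    head, _, opts = rule.partition("(")
    fields = head.split()
    if len(fields) != 7 or fields[4] not in ("->", "<>"):
        raise ValueError(f"malformed rule header: {head.strip()!r}")
    hdr = dict(zip(("action", "proto", "src", "sport", "dir", "dst", "dport"), fields))
    m = re.search(r'msg\s*:\s*"([^"]*)"', opts)
    hdr["msg"] = m.group(1) if m else ""
    return hdr

def port_matches(spec, port):
    """Port specs handled: any, N, N:M, N:, :M and !spec (no lists or variables)."""
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":")
        return int(lo or 0) <= port <= int(hi or 65535)
    return int(spec) == port

def header_matches(hdr, sport, dport):
    """Would the port part of the header match a packet sport -> dport?"""
    fwd = port_matches(hdr["sport"], sport) and port_matches(hdr["dport"], dport)
    rev = (hdr["dir"] == "<>" and port_matches(hdr["sport"], dport)
           and port_matches(hdr["dport"], sport))
    return fwd or rev

def alert_visible(rule, sport, dport, grep_text):
    """True only if the rule fires AND grep's fixed string occurs in its msg."""
    hdr = parse_rule(rule)
    return header_matches(hdr, sport, dport) and grep_text in hdr["msg"]

# Constructed sample rules: msg text and sid values are invented for this example.
WRONG_PORT = 'alert tcp any 80 -> any 21 (msg:"FTP connection detected"; sid:1000001;)'
MSG_TYPO = 'alert tcp any any -> any 21 (msg:"FTP connection detcted"; sid:1000002;)'
FIXED = 'alert tcp any any -> any 21 (msg:"FTP connection detected"; sid:1000003;)'
CLIENT_PORT = 49152  # constructed ephemeral source port of an FTP client

if __name__ == "__main__":
    for name, rule in (("WRONG_PORT", WRONG_PORT), ("MSG_TYPO", MSG_TYPO), ("FIXED", FIXED)):
        print(name, alert_visible(rule, CLIENT_PORT, 21, "detected"))
```

The first rule never fires because an FTP client connects from an ephemeral source port, not 80; the second fires, but its alert text no longer contains the string being grepped for.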