Ask Question, Ask an Expert

+61-413 786 465

[email protected]

Ask Computer Engineering Expert

Engineering


Home >> Computer Engineering

problem 2 [60% - 10% for each of 6 snort rules]
There are several distinct packet signatures in the packet trace file. In the trace file, there are 30 packets total. Your task is to create 6 new snort rules that will uniquely identify the 6 different packet signatures. One snort rule is already shown as an ex (i.e., alert icmp any any -> 192.168.10.2 any (msg:"ping detected"; itype:8; sid:999;)). Since you were already provided with the ex snort rule, you need to "comment out" that the ex rule in the csec640.rules file by putting the "#" at the beginning of the line in front of the word "alert". Look though the packet trace to identify the other rules. Look for more general signatures where you can, however, be careful not to prepare signatures that are too general (e.g., no 3 "any"s in a single rule). Part of the intent of the lab is to learn how to prepare effective rules. It is easy to prepare a rule that matches all IP datagrams regardless of content, but this would be a very ineffective rule at detecting anomalous or malicious activity.

Include in your prepare up the 6 additional rules you have created as well as the c:snortbinlogalert.ids output (you may screen-capture the alert output and include it in the report). The alert output file is appended each time snort has output, so you want to erase the alert file by typing 
del C :snortbinlogalert.ids before each snort run while experimenting with different rules. Be sure to include a descriptive message ("msg" and "sid:xxx") with each alert. In addition, briefly describe each rule you prepare. 

The report should include the following information:

Rule #1:
• Snort alert rule you've created.
alert tcp any any -> 192.168.1.0/24 80 (msg:"SYN FLOOD"; sid:10999;)
• describe how rule #1 works.
• Snort alert output: the result obtained from c:snortbinlogalert.ids by running rule #1.


Rule #2:
• Snort alert rule you've created.
• describe how rule #2 works.
• Snort alert output: the result obtained from c:snortbinlogalert.ids by running rule #2.


Repeat for (Rule #3 - Rule #6)

Please test each rule individually and comment on any previous rules that you have successfully tested. This allows you to test each rule for better troubleshooting. 

The rules you prepare may be instructive, but not the most useful for a real system. 

Computer Engineering, Engineering

  • Category:- Computer Engineering
  • Reference No.:- M993743

Have any Question?


Related Questions in Computer Engineering

Does bmw have a guided missile corporate culture and

Does BMW have a guided missile corporate culture, and incubator corporate culture, a family corporate culture, or an Eiffel tower corporate culture?

Rebecca borrows 10000 at 18 compounded annually she pays

Rebecca borrows $10,000 at 18% compounded annually. She pays off the loan over a 5-year period with annual payments, starting at year 1. Each successive payment is $700 greater than the previous payment. (a) How much was ...

Jeff decides to start saving some money from this upcoming

Jeff decides to start saving some money from this upcoming month onwards. He decides to save only $500 at first, but each month he will increase the amount invested by $100. He will do it for 60 months (including the fir ...

Suppose you make 30 annual investments in a fund that pays

Suppose you make 30 annual investments in a fund that pays 6% compounded annually. If your first deposit is $7,500 and each successive deposit is 6% greater than the preceding deposit, how much will be in the fund immedi ...

Question -under what circumstances is it ethical if ever to

Question :- Under what circumstances is it ethical, if ever, to use consumer information in marketing research? Explain why you consider it ethical or unethical.

What are the differences between four types of economics

What are the differences between four types of economics evaluations and their differences with other two (budget impact analysis (BIA) and cost of illness (COI) studies)?

What type of economic system does norway have explain some

What type of economic system does Norway have? Explain some of the benefits of this system to the country and some of the drawbacks,

Among the who imf and wto which of these governmental

Among the WHO, IMF, and WTO, which of these governmental institutions do you feel has most profoundly shaped healthcare outcomes in low-income countries and why? Please support your reasons with examples and research/doc ...

A real estate developer will build two different types of

A real estate developer will build two different types of apartments in a residential area: one- bedroom apartments and two-bedroom apartments. In addition, the developer will build either a swimming pool or a tennis cou ...

Question what some of the reasons that evolutionary models

Question : What some of the reasons that evolutionary models are considered by many to be the best approach to software development. The response must be typed, single spaced, must be in times new roman font (size 12) an ...

  • 4,153,160 Questions Asked
  • 13,132 Experts
  • 2,558,936 Questions Answered

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

Why might a bank avoid the use of interest rate swaps even

Why might a bank avoid the use of interest rate swaps, even when the institution is exposed to significant interest rate

Describe the difference between zero coupon bonds and

Describe the difference between zero coupon bonds and coupon bonds. Under what conditions will a coupon bond sell at a p

Compute the present value of an annuity of 880 per year

Compute the present value of an annuity of $ 880 per year for 16 years, given a discount rate of 6 percent per annum. As

Compute the present value of an 1150 payment made in ten

Compute the present value of an $1,150 payment made in ten years when the discount rate is 12 percent. (Do not round int

Compute the present value of an annuity of 699 per year

Compute the present value of an annuity of $ 699 per year for 19 years, given a discount rate of 6 percent per annum. As

Follow Us

© Copyright 2013-14 mywordsolution.com All rights reserved