Presentation is loading. Please wait.

Presentation is loading. Please wait.

SNORT! Among other things. Description Open source ids/ips Real-time analysis: alerting, blocking, logging Real-time response: alerting, session sniping,

Published byStuart Hancock Modified over 8 years ago

Similar presentations

Presentation on theme: "SNORT! Among other things. Description Open source ids/ips Real-time analysis: alerting, blocking, logging Real-time response: alerting, session sniping,"— Presentation transcript:

1 SNORT! Among other things

2 Description Open source ids/ips Real-time analysis: alerting, blocking, logging Real-time response: alerting, session sniping, packet logging, session dropping Written in C

3 Functional Modes Packet Sniffer (like tcpdump) Packet Logger (for network traffic debugging) IDS/IPS

4 Usage Snort –[options] Ex – snort 192.168.1.0/24 –d –v host 192.168.1.1 – Records the traffic to and from host 192.168.1.1

5 Rules /etc/snort/rules /attack-responses.rules /backdoor.rules /bad-traffic.rules /chat.rules /content-replace.rules /ddos.rules

6 BASE Basic Analysis and Security Engine Web-based analysis engine to search and process a database of security events ‘Google for Snort’ Included w/ snort Needs to be set up properly, should not be externally visible ideally.

7 Other Stuff…

8 Snort rule parser (python ) /pentest/exploits/inguma/lib/libsnort.py Part of the Inguma Penetration Testing Toolkit Script includes handy and concise way to parse snort rules – could help w/ snort extensions

9 Header Files (*.h) /usr/local/src/snort_dynamicsrc /stream_api.h seems to define a lot of the juicy packet handling functions

10 Logging /var/log/snort Pretty typical location for logging, not really sure at this point what is stored here.

11 Other sources of info BRO – Includes utility to use snort rules SysLog – not an IDS, just provides detailed system info Snort Rules – http://www.ussrback.com/docs/papers/IDS/snort _rules.htm

Download ppt "SNORT! Among other things. Description Open source ids/ips Real-time analysis: alerting, blocking, logging Real-time response: alerting, session sniping,"

Similar presentations

Accel Computerized Maintenance Management System.

Accel Computerized Maintenance Management System.
Module 13: Performance Tuning. Overview Performance tuning methodologies Instance level Database level Application level Overview of tools and techniques.

Module 13: Performance Tuning. Overview Performance tuning methodologies Instance level Database level Application level Overview of tools and techniques.
Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.

Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.

IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.
Mastering Windows Network Forensics and Investigation Chapter 15: Forensic Analysis of Event Logs.

Mastering Windows Network Forensics and Investigation Chapter 15: Forensic Analysis of Event Logs.
MONITORING TOOLS Open Source Security Tools to monitor your network.

MONITORING TOOLS Open Source Security Tools to monitor your network.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.

Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
Introduction to Snort’s Working and configuration file

Introduction to Snort’s Working and configuration file
Honey Inspector Mike Clark Honeynet Project. Honeynet Inspector  Background.

Honey Inspector Mike Clark Honeynet Project. Honeynet Inspector  Background.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Information Networking Security and Assurance Lab National Chung Cheng University Snort.

Information Networking Security and Assurance Lab National Chung Cheng University Snort.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy.

Log Analysis and Intrusion Detection By Srikrishna Gudavalli Venkata Naga Vamsi Krishna Ravi Kiran Yellepeddy.

Similar presentations

Ads by Google