LAB 9 – INTRUSION DETECTION AND PREVENTION SYSTEMS

HANDS ON: INSTALLING, CONFIGURING AND TESTING SNORT USING KALI LINUX

Scope
- Download and install
- Configuration: edit the configuration file and configure the logs
- Create a custom rule with a message
- Launch the attack
- Capture and review the log file for the alerts configured in the custom rule

1. Download and Install
[All commands are highlighted in red text in the original slides.]
Open a terminal on the Kali Linux machine:
    apt-get install snort
When the installer asks for the address range, retrieve the IP address with ifconfig in a separate terminal window. Check whether the subnet mask is 16 bit or 24 bit and, based on that, give the IP address range.
Example: if the IP address is and the subnet mask is [24 bit], then the range given to Snort should be /24
Let the installation complete. On success it returns to the default prompt.

2. Edit the Snort Configuration File and Create Rules
2.1. Create a blank rules file to hold your custom rules; this is separate from the default rules used by Snort:
    touch /etc/snort/rules/custom.rules
2.2. Edit the Snort configuration file so that Snort loads the newly created custom.rules file:
    vi /etc/snort/snort.conf
2.3. Type /include $RULE_PATH (this search takes you to the rule-inclusion section in the vi editor). Scroll down with PgDn or the arrow keys until you reach the end of the include $RULE_PATH entries, press 'i' to edit the file, and after the last default include $RULE_PATH entry type:
    include $RULE_PATH/custom.rules
Press 'Esc' and then type ':wq' to save and quit the Snort configuration file.
2.4. Create a location for the log files and verify that they are being populated:
    mkdir log
    snort -l ./log -b -c /etc/snort/snort.conf
(this starts Snort and runs the live traffic on the computer and network against the rules in snort.conf)
    ctrl+z
    cd log
    ls
If the list command shows files such as 'alert' and 'snort.log.<<randomnumbers>>', then Snort is running and generating logs successfully.
    rm *
(removes the log files so the next run starts clean)
2.5. Create a custom rule to detect an ICMP (ping) attack:
    vi /etc/snort/rules/custom.rules
Press 'i' to enter insert mode and add the rule:
    alert icmp any any -> any any (msg:"Possible ping attack"; sid: ;)
Press 'Esc' and then type ':wq' to save the custom.rules file.

3. Launching the Attack
Launch Snort on the Kali Linux machine:
    snort -l ./log -p -c /etc/snort/snort.conf
From any other machine on the network, ping the Kali Linux machine with an unlimited number of packets. Let Snort run for a minute so the capture works and the log file gets populated.

4. Reviewing the Log File with the Captured Attacks
    cd log
    ls
    leafpad alert
The alert file should be populated with the alert message "Possible ping attack" as configured in the custom rules file.
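As an added worked example (not part of the lab handout), here is a small Python parser for the full-format alert file that step 4 opens in leafpad: it pulls out each alert's sid and message, the packet's source and destination, and the ICMP type, so the review shows which host sent the echo requests rather than only that the rule fired. The sample alert records and the sid 1000001 are constructed, since the lab leaves the sid value blank.

```python
import re
from collections import Counter

# Constructed sample of the full-format ./log/alert file after the custom rule
# fires; sid 1000001 is a placeholder (the lab leaves the sid value blank).
SAMPLE_ALERT_FILE = """\
[**] [1:1000001:0] Possible ping attack [**]
[Priority: 0]
03/15-14:22:01.123456 192.168.1.20 -> 192.168.1.10
ICMP TTL:64 TOS:0x0 ID:12345 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:4321   Seq:1  ECHO

[**] [1:1000001:0] Possible ping attack [**]
[Priority: 0]
03/15-14:22:01.124001 192.168.1.10 -> 192.168.1.20
ICMP TTL:64 TOS:0x0 ID:12346 IpLen:20 DgmLen:84
Type:0  Code:0  ID:4321   Seq:1  ECHO REPLY
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
PACKET_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")
TYPE_RE = re.compile(r"^Type:(\d+)\s+Code:(\d+)")

def parse_alerts(text):
    """Return one dict per alert record; records are separated by a blank line."""
    alerts = []
    for record in text.strip().split("\n\n"):
        lines = record.splitlines()
        head = HEADER_RE.match(lines[0])
        if not head:
            continue  # not a full-format alert record, skip it
        alert = {"gid": int(head.group(1)), "sid": int(head.group(2)),
                 "rev": int(head.group(3)), "msg": head.group(4)}
        for line in lines[1:]:
            pkt = PACKET_RE.match(line)
            typ = TYPE_RE.match(line)
            if pkt:
                alert["time"], alert["src"], alert["dst"] = pkt.groups()
            elif typ:
                alert["icmp_type"] = int(typ.group(1))
        alerts.append(alert)
    return alerts

def echo_requests_by_source(alerts):
    """Count echo requests (ICMP type 8) per source; the rule's 'any any -> any any'
    header also matches the echo replies the pinged host sends back, so drop those."""
    return Counter(a["src"] for a in alerts if a.get("icmp_type") == 8)
```

To run it over the real capture, call parse_alerts(open("./log/alert").read()) from the lab's log directory.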

