Presentation is loading. Please wait.

Presentation is loading. Please wait.

An overview.

Published byChristine Norman Modified over 9 years ago

Similar presentations

Presentation on theme: "An overview."— Presentation transcript:

1 an overview

2 Snort is an Intrusion Detection System (IDS)
Automated tools to detect intrusions Works locally (reactionary) or network wide (preemptive) Preemptive IDS can use traffic monitoring or content monitoring Does NOT block intruders. Assumes a human is watching!!!

3 What IDS are available? Cisco Secure IDS (Formerly NetRanger)
Network Flight Recorder Realsecure (ISS) SecureNet Pro Snort!!!

4 Why pick Snort? “Lightweight” Free Portable
Runs on HP-UX, Linux, AIX, Irix, *BSD, Solaris, Win2K Configurable with easy setup Lightweight – does not have a big foot print (110 KB) Free – Licensed under the GPL and has no cost (combined with lightweight – can be run on an old 486)

5 What can Snort do? Packet sniffer Packet Logger Preemptive IDS
Actively monitors network traffic in real time to match intrusion signatures and send alerts Snort has many applications

6 Rules, Rules, Rules alert udp $EXTERNAL_NET 53 -> $HOME_NET :1024 (msg:"MISC source port 53 to <1024";) Rule alerts that anything from the external network coming in from port 53 and going to port 1024 should be flagged Can also alert based on packet content not just source / destination ports Does not block the problem. Assumes that someone is watching.

7 And more Rules Rules can: Alert, Log, or Pass Used for IP, UDP, ICMP
Source address / port Destination address / port Additional options This is where content matching can take place

8 Luckily you probably won’t have to write rules!
Rules are published on Snort.org A good way to write rules is to run attacks against a particular machine and implement the rule signatures from the packets captured during the attack.

9 What do the alerts look like?
[**] MISC source port 53 to <1024 [**] 05/21-16:30: :53 -> XXX.XXX:1024 UDP TTL:253 TOS:0x0 ID:60955 IpLen:20 DgmLen:268 DF Len: 248 These can also be nicely formatted by different parser programs

10 Installation Install libcap Install Snort Test # ./configure # make
# make install Test #snort -v Will see packets flowing through with a final summary of the scanned traffic.

11 More resources Snort.org Securityfocus.com Whitehats.com

12 PSCS Implementation By Mark Peoples

Download ppt "An overview."

Similar presentations

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.

Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Table of Contents 3 - IDS types 8 - Ethernet Frame 9 - IP frame 10 - TCP frame 11 - UDP frame 12 - ICMP Frame 13 - 3-way handshake 15 - TCP flags 16 -

Table of Contents 3 - IDS types 8 - Ethernet Frame 9 - IP frame 10 - TCP frame 11 - UDP frame 12 - ICMP Frame way handshake 15 - TCP flags 16 -
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.

Snort: A Network Intrusion Detection Software Matt Gustafson Becky Smith CS691 Semester Project Spring 2003.
Snort - Open Source Network Intrusion Detection System Survey.

Snort - Open Source Network Intrusion Detection System Survey.
Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.

Snort Roy INSA Lab.. Outline What is “ Snort ” ? Working modes How to write snort rules ? Snort plug-ins It ’ s show time.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Martin Roesch Sourcefire Inc.

Martin Roesch Sourcefire Inc.
Modified slides from Martin Roesch Sourcefire Inc.

Modified slides from Martin Roesch Sourcefire Inc.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
Modified slides from Martin Roesch Sourcefire Inc.

Modified slides from Martin Roesch Sourcefire Inc.
Modified slides from Martin Roesch Sourcefire Inc.

Modified slides from Martin Roesch Sourcefire Inc.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Report on statistical Intrusion Detection systems By Ganesh Godavari.

Report on statistical Intrusion Detection systems By Ganesh Godavari.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

Similar presentations

Ads by Google