lab7

School: Community College of Baltimore County
Course: DCOM224
Subject: Information Systems
Date: Apr 3, 2024
This is where you submit your completed assignment. Return to the lesson module to find the link to access the lab environment and documentation: Intrusion Detection Lab.

Practice Labs is compatible with recent versions of Chrome and Firefox. Please use one of these browsers to access the lab.

In this lab, we will explore a common, free Intrusion Detection System (IDS) called Snort, which is the most widely deployed intrusion detection and prevention technology worldwide. You will also learn to use ZenMap and Wireshark. Initially, you will configure the Snort Intrusion Detection System (IDS) to alert on something simple, like an ICMP packet. Once you get Snort to work, you will execute a specific kind of scan – a FIN scan, where TCP FIN packets are sent from an attacker to a victim even though there was no active connection. While you are running your FIN scan attack, you’ll examine the packets in Wireshark to see what they look like. You’ll compare what you saw in Wireshark to the results you receive in Snort. Finally, you’ll complete the lab by doing one more scan – an XMAS Tree scan. You should be able to show that your Snort detector reports alerts. Compare your results to the Wireshark capture that you did at the same time. What is it that the XMAS Tree scan actually does to the packets that are used to attack the victim?

Deliverables

Write a lab report of your findings and experience doing this work. Include screen captures. Annotate the screen captures to indicate the interesting parts of what you completed. Include what commands/flags/options you used to get everything to work. For each command you issue at the command line, explain the command in words. What does each of the flags/options do? For the Wireshark captures, show the packets and explain what makes them ICMP, FIN or XMAS Tree packets. What does nmap (or ZenMap) do to create these? How does Snort recognize them? What makes these packets “wrong” or potentially malicious? Show the alerts that your Snort IDS reported for each of the three scans. Conclude with a one-page (single-spaced) write-up of what you learned from this lab. This includes your learning experience and what this lab helped you understand that a novice network security student might not know.
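The three packet types the lab asks you to recognize can be told apart purely from header fields, which is what a Snort rule does with its `flags:` option (`flags:F` for a lone FIN, `flags:FPU` for the FIN+PSH+URG "XMAS" combination). The following is an added example, not part of the lab handout or of Snort itself: it builds constructed IPv4/TCP and IPv4/ICMP packets with struct (checksums zeroed, since nothing validates them here) and classifies them the way those rules would, so you can see why a FIN-only packet with no preceding handshake stands out while a normal SYN does not.

```python
"""Added example: classify constructed packets by the same header checks a Snort
rule with flags:F (FIN only) or flags:FPU (XMAS) applies. No real traffic is used."""
import struct

# Classic TCP flag bits in the low byte of the offset/flags word.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

SRC = bytes([10, 0, 0, 1])   # constructed sample addresses
DST = bytes([10, 0, 0, 2])


def build_ipv4_tcp(src, dst, sport, dport, flags):
    """Construct a minimal 20-byte IPv4 header (proto 6) followed by a 20-byte TCP header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    # data offset 5 (20 bytes) in the high nibble, the flag bits in the low byte
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)
    return ip_hdr + tcp_hdr


def build_ipv4_icmp_echo(src, dst):
    """Construct a minimal IPv4 header (proto 1) plus an 8-byte ICMP echo request."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, src, dst)
    icmp_hdr = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # type 8 = echo request (a ping)
    return ip_hdr + icmp_hdr


def classify(packet):
    """Return a Snort-style alert label for the packet, or None if it looks ordinary."""
    version_ihl, proto = packet[0], packet[9]
    ihl = (version_ihl & 0x0F) * 4          # IPv4 header length in bytes
    if proto == 1:
        return "ICMP packet"                # what 'alert icmp any any -> any any' would fire on
    if proto != 6:
        return None
    tcp = packet[ihl:ihl + 20]
    flags = struct.unpack("!H", tcp[12:14])[0] & 0x3F   # keep URG ACK PSH RST SYN FIN
    if flags == TCP_FIN:
        # A bare FIN without SYN or ACK: nothing was ever connected, so it cannot
        # be closing a session. This is the shape of a FIN scan probe (flags:F).
        return "FIN scan"
    if flags == TCP_FIN | TCP_PSH | TCP_URG:
        # FIN, PSH and URG together never occur in a legitimate exchange; every
        # "light" on the packet is lit, hence the XMAS Tree name (flags:FPU).
        return "XMAS scan"
    return None


if __name__ == "__main__":
    for name, pkt in [("ping", build_ipv4_icmp_echo(SRC, DST)),
                      ("syn", build_ipv4_tcp(SRC, DST, 40000, 80, TCP_SYN)),
                      ("fin", build_ipv4_tcp(SRC, DST, 40000, 80, TCP_FIN)),
                      ("xmas", build_ipv4_tcp(SRC, DST, 40000, 80, TCP_FIN | TCP_PSH | TCP_URG))]:
        print(name, "->", classify(pkt))
```

When you compare a Wireshark capture to the Snort alerts in your report, the flag byte this code inspects is the same value Wireshark shows under the TCP "Flags" field.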