Project 4 - IDSSNORT.docx


Hasibul Chowdhury
CST 4710, Prof. Li
Project 4 – IDS Snort

Rule 1

Snort Rule:
alert icmp 192.168.1.255 any -> 192.168.10.2 any (msg:"Alert ICMP with !!!!"; itype:8; content:"!!!!"; sid:1;)

Suspicious Information: IP 192.168.1.255 is a broadcast IP address, and the broadcast message contains blocks of "!!!!", which indicates that it is a malicious packet trying to attack as many hosts on the network as possible.

Snort Alert Output:
[**] [1:1:0] Alert ICMP with !!!! [**]
[Priority: 0]
05/04-09:53:52.830835 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x88
192.168.1.255 -> 192.168.10.2 ICMP TTL:254 TOS:0x0 ID:11122 IpLen:20 DgmLen:122 DF
Type:8 Code:0 ID:11122 Seq:0 ECHO

[**] [1:1:0] Alert ICMP with !!!! [**]
[Priority: 0]
05/04-09:53:52.701466 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x88
192.168.1.255 -> 192.168.10.2 ICMP TTL:254 TOS:0x0 ID:11122 IpLen:20 DgmLen:122 DF
Type:8 Code:0 ID:11122 Seq:0 ECHO

[**] [1:1:0] Alert ICMP with !!!! [**]
[Priority: 0]
05/04-09:53:52.965429 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x88
192.168.1.255 -> 192.168.10.2 ICMP TTL:254 TOS:0x0 ID:11122 IpLen:20 DgmLen:122 DF
Type:8 Code:0 ID:11122 Seq:0 ECHO
Rule 2

Snort Rule:
alert udp 255.255.255.255 any -> 192.168.10.2 any (msg:"Alert BOOTP with DHCP Discover"; content:"DHCP"; content:"DISCOVER"; sid:1;)

Suspicious Information: A host sends a DHCP Discover message when it is trying to obtain an IP address from the DHCP server. Here 255.255.255.255, a broadcast address, is the source, and it is sending a DHCP Discover message to the host instead.

Snort Alert Output:
[**] [1:1:0] Alert BOOTP with DHCP Discover [**]
[Priority: 0]
05/04-09:53:52.836019 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x3C
255.255.255.255:68 -> 192.168.10.2:67 UDP TTL:1 TOS:0x0 ID:2513 IpLen:20 DgmLen:41 DF
Len: 13

[**] [1:1:0] Alert BOOTP with DHCP Discover [**]
[Priority: 0]
05/04-09:53:52.706591 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x3C
255.255.255.255:68 -> 192.168.10.2:67 UDP TTL:1 TOS:0x0 ID:2513 IpLen:20 DgmLen:41 DF
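The alert output shown for Rule 1 and Rule 2 is Snort's "full" alert format. The following parser, an added example that is not part of the report, splits that text into one record per alert and then picks out the alerts whose source address is a broadcast address, which is the suspicious property both rules key on. The sample input is constructed from the two outputs above; the local network 192.168.1.0/24 is an assumption made so that 192.168.1.255 is recognised as its directed broadcast.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample: two records in Snort "full" alert format, copied from the
# report's Snort Alert Output above (one ICMP alert, one UDP/BOOTP alert).
SAMPLE_ALERTS = """[**] [1:1:0] Alert ICMP with !!!! [**]
[Priority: 0]
05/04-09:53:52.830835 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x88
192.168.1.255 -> 192.168.10.2 ICMP TTL:254 TOS:0x0 ID:11122 IpLen:20 DgmLen:122 DF
Type:8 Code:0 ID:11122 Seq:0 ECHO

[**] [1:1:0] Alert BOOTP with DHCP Discover [**]
[Priority: 0]
05/04-09:53:52.836019 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x3C
255.255.255.255:68 -> 192.168.10.2:67 UDP TTL:1 TOS:0x0 ID:2513 IpLen:20 DgmLen:41 DF
Len: 13
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
TIME_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) ")
FLOW_RE = re.compile(r"^(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
                     r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? (?P<proto>\w+) TTL:(?P<ttl>\d+)")

def parse_full_alerts(text: str) -> List[Dict]:
    """Turn Snort full-format alert text into one dict per alert. A record starts
    at the '[**] [gid:sid:rev] msg [**]' header; the timestamp line and the IP flow
    line (src -> dst PROTO TTL:...) complete it. ICMP has no ports, so those are None."""
    alerts: List[Dict] = []
    current: Optional[Dict] = None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            current = {"gid": int(m[1]), "sid": int(m[2]), "rev": int(m[3]), "msg": m[4]}
        elif current is not None and (m := TIME_RE.match(line)):
            current["timestamp"] = m[1]
        elif current is not None and (m := FLOW_RE.match(line)):
            current.update(src=m["src"], dst=m["dst"], proto=m["proto"], ttl=int(m["ttl"]),
                           sport=int(m["sport"]) if m["sport"] else None,
                           dport=int(m["dport"]) if m["dport"] else None)
            alerts.append(current)
            current = None  # record complete; wait for the next header
    return alerts

def broadcast_sourced(alerts: List[Dict], local_cidrs: List[str]) -> List[Dict]:
    """Alerts whose source is the limited broadcast (255.255.255.255) or the
    directed broadcast of one of the given local networks (assumed /24 here)."""
    broadcasts = {"255.255.255.255"} | {
        str(ipaddress.ip_network(c).broadcast_address) for c in local_cidrs}
    return [a for a in alerts if a["src"] in broadcasts]
```

Running `broadcast_sourced(parse_full_alerts(SAMPLE_ALERTS), ["192.168.1.0/24"])` returns both sample alerts, since a real host never sends from a broadcast address; the same functions work on a live Snort alert file read into a string.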