Lab 3(work) - DF 138 Lab 3 Network-based IDS using SNORT...

DF 138 Lab 3
Network-based IDS using SNORT
Date: Mar 27, 2008

What is an Intrusion Detection System (IDS)?

A firewall allows or disallows certain types of traffic based on ports, certain IP addresses or specific patterns of traffic. A firewall admin can open ports to certain addresses and allow protocol traffic. An IDS examines traffic and alerts an admin to potential problems based on rules that can be defined.

SNORT is considered to be a lightweight IDS. It can be run in one of three modes:
i) sniffer mode, which does nothing but record packet flow through an interface;
ii) packet logger mode, which records the traffic into a specified folder; and
iii) full-blown network intrusion detection mode, which matches packets in the traffic flow against a predefined set of rules that can alert an admin to any suspicious events.

SNORT's architecture is based on 3 subsystems:
i) a packet decoder;
ii) a detection engine; and
iii) a logging and alerting system.
These all function with a library called Packet Capture (PCAP) that puts the NIC into promiscuous mode, allowing the NIC to collect all packets, not just those addressed to that system.

To read more about SNORT, go to www.snort.org

Procedure

In this lab, you configure and demonstrate a Snort network IDS with a front-end application called IDScenter. A Snort server should be installed on your computer.

Steps:
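The three-subsystem architecture described in the introduction (packet decoder, detection engine, logging and alerting), as an added Python sketch that is not part of the original lab handout and is not Snort's code. The rule table format, the function names and the sample packet are assumptions constructed for illustration; real Snort rules use their own syntax.

```python
import struct

# Hypothetical rule table for this sketch (not Snort's rule syntax).
RULES = [
    {"sid": 1, "dport": 80, "content": b"/etc/passwd",
     "msg": "sensitive file path in HTTP request"},
    {"sid": 2, "dport": 23, "content": b"", "msg": "telnet traffic seen"},
]

def decode(frame):
    """Packet decoder: raw IPv4/TCP bytes -> field dict, or None if unsupported."""
    if len(frame) < 20 or frame[0] >> 4 != 4 or frame[9] != 6:
        return None                      # too short, not IPv4, or not TCP
    ihl = (frame[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(frame) < ihl + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    data_off = (frame[ihl + 12] >> 4) * 4  # TCP header length in bytes
    if data_off < 20:
        return None
    return {"src": ".".join(map(str, frame[12:16])),
            "dst": ".".join(map(str, frame[16:20])),
            "sport": sport, "dport": dport, "payload": frame[ihl + data_off:]}

def detect(pkt, rules=RULES):
    """Detection engine: return every rule whose port and content match."""
    return [r for r in rules
            if r["dport"] == pkt["dport"] and r["content"] in pkt["payload"]]

def alert(pkt, hits):
    """Logging/alerting: one alert line per matched rule."""
    return ["[sid:%d] %s %s:%d -> %s:%d" % (r["sid"], r["msg"], pkt["src"],
            pkt["sport"], pkt["dst"], pkt["dport"]) for r in hits]

def inspect(frame):
    """Run one packet through all three stages."""
    pkt = decode(frame)
    return alert(pkt, detect(pkt)) if pkt else []

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample input: minimal IPv4+TCP packet, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + payload

if __name__ == "__main__":
    sample = build_packet("192.0.2.10", "198.51.100.5", 40000, 80,
                          b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")
    for line in inspect(sample):
        print(line)
```

A packet that the decoder cannot parse never reaches the detection engine, which is why malformed or unsupported traffic produces no alert in this sketch.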