
fragments detected, possible hostile activity";)

3. Using simple Unix operating system tools (e.g. netcat) or by writing your own code, create a packet stream that is composed of 3 UDP packets, with 0xF00F at offset 100 in the first packet, 0xCAFE at offset 200 in the second packet, and 0xBEEF at offset 300 in the third packet. Write a Snort rule for this packet stream and detect it.

4. Using simple Unix operating system tools (e.g. netcat) or by writing your own code, trigger this alert:

   alert tcp any any -> any 23 ( msg:"MALWARE-BACKDOOR w00w00 attempt"; flow:toserver,established; content:"w00w00"; classtype:attempted-admin; )

5. Write a Bro policy to detect the viewing/web browsing of the CUNY John Jay front page by content only (not by URL).

5 Word Problems

1. Do the systems mentioned in section 4 work together? If so, explain how. If not, why not?

6 Deliverables

1. A report describing all your findings above.
2. A zip file containing:
   - Any signatures or scripts developed.
   - Answers to all word problems in Part 5.
3. Submit by the lecture on October 17, 2018.

7 Grading

Points will be subtracted if any of the pieces of the deliverables are missing or incomplete.
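Test traffic for the three-packet UDP stream in task 3, added here as an example and not part of the original assignment: it builds the payloads and emulates the per-packet offset/depth content check a rule would apply. The assumptions are that "offset" means an offset into the UDP payload, and that the filler byte, trailing padding, and the sensor host and port are placeholders for a lab setup.

```python
import socket

# Markers and offsets come from task 3; everything else here is assumed.
MARKERS = [(100, bytes.fromhex("F00F")),
           (200, bytes.fromhex("CAFE")),
           (300, bytes.fromhex("BEEF"))]
FILLER = b"A"  # constructed padding byte, chosen so it cannot form a marker


def build_payloads(markers=MARKERS, tail=16):
    """Return one UDP payload per marker, with the marker at its exact offset."""
    payloads = []
    for offset, marker in markers:
        body = bytearray(FILLER * (offset + len(marker) + tail))
        body[offset:offset + len(marker)] = marker
        payloads.append(bytes(body))
    return payloads


def content_match(payload, pattern, offset, depth):
    """Emulate a content match bounded by offset and depth:
    search `depth` bytes of the payload starting at `offset`."""
    return pattern in payload[offset:offset + depth]


def stream_matches(payloads, markers=MARKERS):
    """True when packet i carries marker i at its offset, in order.
    Per packet this is what content:"|F0 0F|"; offset:100; depth:2; tests."""
    if len(payloads) != len(markers):
        return False
    return all(content_match(p, m, off, len(m))
               for p, (off, m) in zip(payloads, markers))


def send_stream(host="127.0.0.1", port=9999):
    """Send the three datagrams to a lab sensor (host and port are assumptions)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for payload in build_payloads():
            sock.sendto(payload, (host, port))


if __name__ == "__main__":
    send_stream()
    print(stream_matches(build_payloads()))
```

Pinning depth to the marker length makes the check exact, so a marker shifted by even one byte no longer matches.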
  • Spring '19
  • intrusion detection systems, Network intrusion detection system, Host-based intrusion detection system
