Question

In: Computer Science

Write a snort rule that will fire when you browse to craigslist.org from the machine Snort...

Write a snort rule that will fire when you browse to craigslist.org from the machine Snort is running on; it should look for any outbound TCP request to craigslist.org and alert on it.

Solutions

Expert Solution

1. Install Snort into your operating system.
    >> sudo apt-get install snort

2. Read through Snort's configuration guide and edit /etc/snort/snort.conf as needed for your machine

3. When you run snort you'll see many errors/warnings in the output. Warnings about duplicate rules are okay, but others aren't.

4. Read about Snort's rule syntax and configuration

Trigger some alerts
    Find two different rules in the /etc/snort/rules/*.conf files and read about them, understand them. Now try to trigger the rules. Some of the simpler rules to trigger are based on finding bad data in web requests. Many inbound tests need incoming requests on established connections. You can start a simple webserver like this: sudo python -m SimpleHTTPServer 80

    Once triggered, view the alert in /var/log/snort. It will be in binary, so you'll need to convert it from Snort's unified2 format into human readable using:

    gmu@gmu-virtual-machine:/var/log/snort$ u2spewfoo snort.log
   
    Turn in: - The alert signature (from the rules file)
                  - A description of how you triggered the alert
                  - The alert itself from the log file (after converting it to readable text)

    Do this for two Snort rules.

Problem 2: Writing your own rules
In this part you need to write a rule that will fire when you browse to craigslist.org from the machine Snort is running on. So it should look for any outbound TCP request to craigslist.org and alert on it. The alert should also fire for any of the pages under the main page for example. You should add your rule into /etc/snort/rules/local.rules. Make sure to pick a SID 1000000 . Make sure your rule does NOT trigger when you go to other .org sites.

    Turn in: - The alert signature (from the rules file)
                  - The alert itself from the log file (after converting it to readable text)

venereology answered 1 year ago
Next > < Previous

Related Solutions

Write a java console application,. It simulates the vending machine and ask two questions. When you...
Write a java console application,. It simulates the vending machine and ask two questions. When you run your code, it will do following: Computer output: What item you want? User input: Soda If user input is Soda Computer output: How many cans do you want? User input:            3 Computer output: Please pay $3.00. END The vending machine has 3 items for sale: Soda the price is $1.50/can. Computer should ask “How many cans do you want?” Chips, the price is $1.20/bag....
You are in your room when the fire alarm sounds. You look out of your door...
You are in your room when the fire alarm sounds. You look out of your door and see the stairs full of smoke. You remember that some work was being done on the outside of the building and a 10 m long ladder is reachable outside your window. You can climb out to a point 2 m from the top of the ladder. you see that the ladder is resting against a smooth wall (negligible friction) above you and on...
A fire insurance company thought that the mean distance from a home to the nearest fire...
A fire insurance company thought that the mean distance from a home to the nearest fire department in a suburb of Chicago was at least 4.7 miles. It set its fire insurance rates accordingly. Members of the community set out to show that the mean distance was less than 4.7 miles. This, they thought, would convince the insurance company to lower its rates. They randomly identified 64 homes and measured the distance to the nearest fire department from each. The...
A fire insurance company thought that the mean distance from a home to the nearest fire...
A fire insurance company thought that the mean distance from a home to the nearest fire department in a suburb of Chicago was at least 5.9 miles. It set its fire insurance rates accordingly. Members of the community set out to show that the mean distance was less than 5.9 miles. This, they thought, would convince the insurance company to lower its rates. They randomly indentified 62 homes and measured the distance to the nearest fire department from each. The...
A fire insurance company thought that the mean distance from a home to the nearest fire...
A fire insurance company thought that the mean distance from a home to the nearest fire department in a suburb of Chicago was at least 5.9 miles. It set its fire insurance rates accordingly. Members of the community set out to show that the mean distance was less than 5.9 miles. This, they thought, would convince the insurance company to lower its rates. They randomly indentified 60 homes and measured the distance to the nearest fire department from each. The...
A fire insurance company thought that the mean distance from a home to the nearest fire...
A fire insurance company thought that the mean distance from a home to the nearest fire department in a suburb of Chicago was at least 4.7 miles. It set its fire insurance rates accordingly. Members of the community set out to show that the mean distance was less than 4.7 miles. This, they thought, would convince the insurance company to lower its rates. They randomly identified 64 homes and measured the distance to the nearest fire department from each. The...
By rewriting the formula for the multiplication​ rule, you can write a formula for finding conditional...
By rewriting the formula for the multiplication​ rule, you can write a formula for finding conditional probabilities. The conditional probability of event B​ occurring, given that event A has​ occurred, is Upper P left parenthesis Upper B vertical line Upper A right parenthesis equals StartFraction Upper P left parenthesis Upper A and Upper B right parenthesis Over Upper P left parenthesis Upper A right parenthesis EndFraction . Use the information below to find the probability that a flight departed on...
1a. On planet #4, you fire a projectile from the ground at an initial speed of...
1a. On planet #4, you fire a projectile from the ground at an initial speed of 29.7 m/s at an angle of 44.7 degrees above the horizontal. The projectile lands 36.1 m away from the launch point. What is the value of g for planet #4? b. On planet #5, a stone dropped from a height of 44.4 m above the ground will hit the ground at a speed of 43.2 m/s. What is the value of g for planet...
(Q2) As a fire engineer, assume that you are assigned to a fire engineering design of...
(Q2) As a fire engineer, assume that you are assigned to a fire engineering design of the retail building with extraordinary atrium that connected six floors. You have to adopt fire engineering approach on this project and conduct a theoretical analysis of full evacuation in this commercial building. Please brief your design procedures. (Hint: Relationship between occupant density, travel speed and flow is recommended to consider.)
When you write the formula for a molecular compound from its name, how do you know...
When you write the formula for a molecular compound from its name, how do you know how many of each kind of atom is present?
ADVERTISEMENT
Subjects
ADVERTISEMENT
Latest Questions
ADVERTISEMENT