
SNORT



  1. SNORT. Presented by Xinchi He, April 10, 2014

  2. What is Snort?
  • Open source network intrusion prevention and detection system
  • Most widely deployed IDS/IPS technology worldwide
  • Millions of downloads
  • 400,000 registered users
  • De facto standard for IPS

  3. What is IDS?
  • Intrusion detection system
  • A device or software application that monitors network or system activity for malicious activity or policy violations and reports to a management station
  • Network-based IDS (NIDS): watches traffic on a network segment
  • Host-based IDS (HIDS): watches activity on a single host

  4. How does IDS work?
  • Signature-based IDS
  • Compares traffic against a database of signatures of known malicious threats
  • Works the same way most antivirus software detects malware
  • Signatures must be checked and updated periodically; a new attack with no signature is missed
  • Statistical anomaly-based IDS
  • Compares observed activity against an established baseline
  • Bandwidth normally used
  • Protocols normally used
  • Ports and devices normally connected to
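The anomaly-based approach from slide 4 in miniature, as an added example that is not part of the presentation and not Snort code (Snort itself is signature-based): a per-port traffic baseline is learned from constructed 5-minute byte counts, and a new window is flagged when a port was never seen during the baseline period or its volume is more than three standard deviations from the mean. All ports, byte counts and the threshold are constructed for the example.

```python
"""Statistical anomaly-based detection in miniature: learn a per-port traffic
baseline, then flag windows that deviate from it. Added example with constructed
data; this is not Snort code."""
from collections import defaultdict
import statistics

# Constructed baseline: seven 5-minute windows per destination port, summarised
# as (port, bytes seen in that window). All numbers are made up.
BASELINE_RECORDS = (
    [(80, b) for b in (41000, 39500, 44200, 40100, 42800, 38900, 43500)]
    + [(443, b) for b in (120000, 118500, 125400, 121300, 119000, 123800, 122100)]
    + [(53, b) for b in (2100, 1950, 2300, 2050, 2200, 1980, 2150)]
)


def build_baseline(records, min_samples=3):
    """Return {port: (mean_bytes, stdev_bytes)} from (port, bytes) records.
    Ports with too few samples are left out so one fluke cannot define 'normal'."""
    per_port = defaultdict(list)
    for port, nbytes in records:
        per_port[port].append(nbytes)
    return {
        port: (statistics.mean(samples), statistics.pstdev(samples))
        for port, samples in per_port.items()
        if len(samples) >= min_samples
    }


def score_window(baseline, observed, z_threshold=3.0):
    """Compare one observed window ({port: bytes}) against the baseline.
    Returns a list of (port, reason) anomalies, sorted by port:
      - a port never seen during the baseline period (new service/protocol)
      - byte volume more than z_threshold standard deviations from the mean
    """
    alerts = []
    for port, nbytes in observed.items():
        if port not in baseline:
            alerts.append((port, "port not seen during baseline"))
            continue
        mean, stdev = baseline[port]
        if stdev == 0:  # constant baseline: any change at all is a deviation
            if nbytes != mean:
                alerts.append((port, f"bytes={nbytes} differs from constant baseline {mean}"))
            continue
        z = (nbytes - mean) / stdev
        if abs(z) > z_threshold:
            alerts.append((port, f"bytes={nbytes} z={z:.1f}"))
    return sorted(alerts)


# Constructed observation windows: one ordinary, one with a huge HTTPS upload
# and traffic to a port (6667, IRC) that never appeared in the baseline.
NORMAL_WINDOW = {80: 41500, 443: 120500, 53: 2100}
ANOMALOUS_WINDOW = {80: 41000, 443: 9_000_000, 6667: 5000}

if __name__ == "__main__":
    base = build_baseline(BASELINE_RECORDS)
    for name, window in (("normal", NORMAL_WINDOW), ("anomalous", ANOMALOUS_WINDOW)):
        print(name, score_window(base, window))
```

The weakness the slide hints at is visible here: the detector only knows what "normal" looked like during the baseline period, so an attacker who is already present while the baseline is learned, or who keeps volume within three standard deviations, is not flagged; signature-based detection catches known attacks regardless of volume.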

  5. Some common attacks
  • Nuke
  • Invalid ICMP packets are sent to the target
  • A modified ping utility repeatedly sends corrupt data
  • Slows the machine down until it stops responding
  • WinNuke (Windows 95 NetBIOS)
  • Teardrop
  • Sends IP fragments with overlapping, oversized payloads to the target machine
  • Exploits a bug in TCP/IP fragment reassembly
  • Hosts resolve overlapping fragments differently: Linux favors new data, Windows favors old data
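The Teardrop point on slide 5 has two sides worth seeing in code: the same overlapping fragments reassemble into different bytes depending on whether the host favors old or new data (so an IDS that reassembles with the wrong policy sees a different payload than the victim), and the length arithmetic that made the original bug crash kernels. The following is an added example, not part of the presentation and not Snort's frag3 code; fragment offsets are given in bytes rather than IP's 8-byte units for readability, and all fragments are constructed.

```python
"""Overlapping IP fragment reassembly under two policies, plus the arithmetic
behind the Teardrop bug. Added example with constructed fragments; not Snort code."""


def reassemble(fragments, policy):
    """fragments: list of (byte_offset, payload) in arrival order.
    policy 'first': bytes already written win (favors old data, as the slide
    says Windows does). policy 'last': later fragments overwrite (favors new
    data, as the slide says Linux does). Raises if coverage has a gap."""
    if policy not in ("first", "last"):
        raise ValueError(f"unknown policy {policy!r}")
    total = max(off + len(p) for off, p in fragments)
    buf = bytearray(total)
    filled = [False] * total
    for off, payload in fragments:
        for i, byte in enumerate(payload):
            pos = off + i
            if policy == "first" and filled[pos]:
                continue
            buf[pos] = byte
            filled[pos] = True
    if not all(filled):
        raise ValueError("incomplete datagram: gap in fragment coverage")
    return bytes(buf)


def overlapping_pairs(fragments):
    """Return (i, j, overlap_bytes) for every pair of fragments whose byte
    ranges intersect. Normal IP stacks never emit overlaps, so a reassembling
    IDS treats any overlap as suspicious rather than guessing the victim's policy."""
    ranges = [(off, off + len(p)) for off, p in fragments]
    found = []
    for i in range(len(ranges)):
        for j in range(i + 1, len(ranges)):
            overlap = min(ranges[i][1], ranges[j][1]) - max(ranges[i][0], ranges[j][0])
            if overlap > 0:
                found.append((i, j, overlap))
    return found


def teardrop_copy_length(prev_end, offset, length):
    """Sketch of the Teardrop arithmetic: the vulnerable reassembly trimmed a new
    fragment's start up to the previous fragment's end, then computed the copy
    length as end - offset. When the new fragment ends *inside* the previous
    one, that length goes negative; a C implementation storing it unsigned
    then copies a huge amount of memory. This returns the signed value."""
    end = offset + length
    if offset < prev_end:
        offset = prev_end  # trim the overlapping prefix
    return end - offset


# Constructed fragments.
SIMPLE_OVERLAP = [(0, b"AAAAAAAA"), (4, b"BBBBBBBB")]
TEARDROP_SHAPE = [(0, b"A" * 36), (24, b"B" * 4)]  # second fragment inside the first

if __name__ == "__main__":
    for name, frags in (("simple", SIMPLE_OVERLAP), ("teardrop", TEARDROP_SHAPE)):
        print(name, "first:", reassemble(frags, "first"))
        print(name, "last: ", reassemble(frags, "last"))
        print(name, "overlaps:", overlapping_pairs(frags))
    print("teardrop copy length:", teardrop_copy_length(36, 24, 4))
```

Snort's own answer to the policy problem is target-based reassembly: the preprocessor is told which operating system each protected host runs so that it reassembles the way the victim would, instead of picking one policy for everything.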

  6. Why Snort?
  • Open source
  • Lightweight
  • Flexible

  7. Snort rule basics
  <Rule Action> <Protocol> <SRC IP> <SRC Port> <Direction Operator> <DST IP> <DST Port> (rule options)
  • The part before the parentheses is the rule header: it selects which packets the rule applies to
  • The part inside the parentheses is the rule options: what to match in the packet and what to report
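To make the header/options split on slide 7 concrete, here is an added Python example, not part of the presentation and not Snort's own rule engine, that parses rules written in exactly that form and evaluates them against constructed packets. The three rules, the value of $HOME_NET, the sid numbers and the packets are all constructed for the example, and the parser covers only a small subset of Snort's syntax (single IP/CIDR/negated addresses, single/range/negated ports, and the msg, content, nocase, itype, sid and rev options; no |hex| content and no semicolons inside quoted strings).

```python
"""Minimal parser and matcher for Snort-style rules of the form
  <action> <proto> <src ip> <src port> <direction> <dst ip> <dst port> (options)
Added example with constructed rules and packets; not Snort's code."""
import ipaddress
import re
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src_ip>\S+)\s+(?P<src_port>\S+)\s+"
    r"(?P<direction>->|<>)\s+"
    r"(?P<dst_ip>\S+)\s+(?P<dst_port>\S+)\s*"
    r"\((?P<options>.*)\)\s*$"
)

# Constructed variable definitions (in Snort these come from snort.conf).
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "any"}


@dataclass
class Rule:
    action: str
    proto: str
    src_ip: str
    src_port: str
    direction: str
    dst_ip: str
    dst_port: str
    options: dict


def parse_options(text):
    """'msg:"x"; nocase; sid:1;' -> {'msg': 'x', 'nocase': True, 'sid': '1'}.
    Naive split on ';' -- a ';' inside a quoted msg would break it."""
    opts = {}
    for item in re.split(r";\s*", text.strip()):
        if not item:
            continue
        key, sep, val = item.partition(":")
        opts[key.strip()] = val.strip().strip('"') if sep else True
    return opts


def parse_rule(line):
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a rule header: {line!r}")
    d = m.groupdict()
    opts = parse_options(d.pop("options"))
    return Rule(options=opts, **d)


def ip_matches(spec, addr):
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(addr) in net) != negate


def port_matches(spec, port):
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if ":" in spec:  # range, either end may be open: '1024:', ':1023', '80:90'
        lo, _, hi = spec.partition(":")
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(spec)
    return hit != negate


def _header_hit(s_ip, s_port, d_ip, d_port, pkt):
    return (ip_matches(s_ip, pkt["src"]) and port_matches(s_port, pkt["sport"])
            and ip_matches(d_ip, pkt["dst"]) and port_matches(d_port, pkt["dport"]))


def rule_matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    hit = _header_hit(rule.src_ip, rule.src_port, rule.dst_ip, rule.dst_port, pkt)
    if rule.direction == "<>":  # bidirectional: also try the reverse pairing
        hit = hit or _header_hit(rule.dst_ip, rule.dst_port, rule.src_ip, rule.src_port, pkt)
    if not hit:
        return False
    opts = rule.options
    if "itype" in opts and pkt.get("itype") != int(opts["itype"]):
        return False
    if "content" in opts:
        needle, hay = opts["content"].encode(), pkt.get("payload", b"")
        if opts.get("nocase"):
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True


def evaluate(rules, pkt):
    """Return the msg of every rule that fires on the packet, in rule order."""
    return [r.options.get("msg", "") for r in rules if rule_matches(r, pkt)]


# Constructed rules; sids in the 1000000+ local range by convention.
RULES = [parse_rule(r) for r in (
    'alert icmp any any -> $HOME_NET any (msg:"ICMP echo from outside"; itype:8; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"Inbound NetBIOS session"; sid:1000002; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"cmd.exe in HTTP request"; content:"cmd.exe"; nocase; sid:1000003; rev:1;)',
)]

# Constructed packets as plain dicts.
PACKETS = [
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.168.1.10", "sport": 0, "dport": 0, "itype": 8},
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10", "sport": 4444, "dport": 139},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.168.1.20", "sport": 50000, "dport": 80,
     "payload": b"GET /scripts/CMD.EXE HTTP/1.0"},
    {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.1.20", "sport": 50001, "dport": 80,
     "payload": b"GET /index.html HTTP/1.0"},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt["src"], "->", pkt["dst"], evaluate(RULES, pkt))
```

Note that the third packet only fires because of the nocase option; without it the uppercase CMD.EXE slips past a case-sensitive content match, which is the kind of trivial evasion a real rule writer has to think about.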

  8. Demo

  9. References
  • http://en.wikipedia.org/wiki/Denial-of-service_attack
  • http://en.wikipedia.org/wiki/Intrusion_detection_system
  • http://www.snort.org
  • http://www.thegeekstuff.com/2010/08/snort-tutorial/

  10. Questions?
