Snort - A Network Intrusion Prevention and Detection System

This document provides an overview of the Snort intrusion detection and prevention system. It describes Snort as an open-source network tool that uses signature, protocol and anomaly inspection to detect threats. The document outlines Snort's features, typical architecture including detection engine and rule-based scanning, installation process for Windows, and provides screenshots of it in use.

Uploaded by: Ashish Meena
Copyright: © Attribution Non-Commercial (BY-NC)

Snort - A network intrusion prevention and detection system

Student: Vinay Aggarwal(IIT2008087) Professor: R. C. Tripathi Class presentation

Description outline of the tool

Brief introduction
Features of the tool
Architecture
Installation procedure
Screenshots of the working tool

Snort

An open source network intrusion prevention and detection system. It uses a rule-based language combining signature, protocol and anomaly inspection methods. It is the most widely deployed intrusion detection and prevention technology and has become the de facto standard technology worldwide in the industry.

Small (~110K source distribution)
Portable (Linux, Solaris, *BSD, IRIX, HP-UX)
Fast (high probability of detection for a given attack on average networks)
Free (GPL/Open Source Software)

Snort - Features

Capture and display packets from the network with different levels of detail on the console.

Log data in a text file.

Lightweight network intrusion detection system.

Snort can detect threats like stealth port scans, SMB probes, CGI attacks, buffer overflows, NetBIOS queries and NMAP. The alert file indicates any suspicious or malicious attacks. Snort supports target-based intrusion detection.

Typical locations for snort

Snort architecture

From: Nalneesh Gaur, Snort: Planning IDS for your enterprise, http://www.linuxjournal.com/article/4668, 2001.

Snort components

From: Rafeeq Ur Rehman, Intrusion Detection Systems with Snort: Advanced IDS Techniques with Snort, Apache, MySQL, PHP, and ACID.

Logical components of snort

Packet Decoder: takes packets from different types of network interfaces (Ethernet, SLIP, PPP) and prepares packets for processing.

Preprocessor: (1) prepares data for the detection engine; (2) detects anomalies in packet headers; (3) packet defragmentation; (4) decodes the HTTP URI; (5) reassembles TCP streams.

Detection Engine: the most important part; applies rules to packets.

Logging and Alerting System / Output Modules: process alerts and logs and generate the final output.

Rules

Rules are written in a single line and are created from known intrusion signatures. They are usually placed in the snort.conf configuration file. Each rule consists of two parts: the rule header and the rule options.

Rule examples

[Figure: an example rule annotated with its parts. Rule header: source IP address, source port, destination IP address, destination port, and the protocol field set to apply to all IP packets. Rule options (introduced by "#"): an alert is generated if the criteria are met.]

Detection engine order to scan the rules

Snort does not evaluate the rules in the order that they appear in the Snort rules file. By default, the order is:

1. Alert rules
2. Pass rules
3. Log rules
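The two points above, the header/options structure of a rule and the fact that the detection engine groups rules by action rather than file order, as an added example that is not part of the slides: a small parser that splits constructed sample rules into header fields and option pairs, then re-orders them using the alert, pass, log order the slides give. The sample rules, sids and the helper names are assumptions made for the example.

```python
import re

# Constructed sample rules in Snort's one-line format (example data, not from the slides).
SAMPLE_RULES = """
alert tcp any any -> 192.168.1.0/24 111 (msg:"mountd access"; sid:1000001; rev:1;)
log tcp any any -> 192.168.1.0/24 23 (msg:"telnet session"; sid:1000002;)
pass tcp 10.0.0.5 any -> any 22 (msg:"trusted admin host"; sid:1000003;)
alert icmp any any -> any any (msg:"ICMP echo"; itype:8; sid:1000004;)
"""

# Rule header fields, in the order they appear before the parenthesised options.
HEADER_FIELDS = ("action", "proto", "src_ip", "src_port", "direction", "dst_ip", "dst_port")
# Default evaluation order given in the slides: alert rules, then pass rules, then log rules.
DEFAULT_ORDER = ("alert", "pass", "log")
# One option: keyword, optional ':value' (quoted values may contain ';'), terminated by ';'.
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

def parse_rule(line):
    """Split one Snort rule into its header fields and its (keyword, value) options."""
    head, sep, tail = line.strip().partition("(")
    if not sep or not tail.endswith(")"):
        raise ValueError("rule options must be enclosed in parentheses: %r" % line)
    parts = head.split()
    if len(parts) != len(HEADER_FIELDS) or parts[4] not in ("->", "<>"):
        raise ValueError("malformed rule header: %r" % head)
    options = []
    for keyword, value in OPTION_RE.findall(tail[:-1]):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]  # drop the quotes around msg:"..." style values
        options.append((keyword, value))
    return {"header": dict(zip(HEADER_FIELDS, parts)), "options": options}

def parse_rules(text):
    """Parse every non-empty, non-comment line of a rules file or snort.conf fragment."""
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def order_rules(rules, order=DEFAULT_ORDER):
    """Return rules in detection-engine order (grouped by action), not file order.
    sorted() is stable, so rules sharing an action keep their relative file order."""
    rank = {action: i for i, action in enumerate(order)}
    return sorted(rules, key=lambda r: rank.get(r["header"]["action"], len(order)))

if __name__ == "__main__":
    for r in order_rules(parse_rules(SAMPLE_RULES)):
        h = r["header"]
        print("%-5s %s %s:%s %s %s:%s" % (h["action"], h["proto"], h["src_ip"], h["src_port"],
                                          h["direction"], h["dst_ip"], h["dst_port"]), r["options"])
```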

Snort Installation Procedure

For Windows:

Install the WinPcap file. This allows you to capture and examine packets as they flow across the network.
This installs fast, so don't think you didn't get it to work right. It is found at http://winpcap.org/

Next, install the Snort program. This allows you to do many different things according to the command line that you type in.

Use all of the default settings until you get to where you need to choose where to install it. Choose the correct location and click Install. It is found at http://www.snort.org/. For other operating systems go to: http://www.snort.org/docs

Screenshots

Screenshots

Thank you !
