In Progress

Using Snort IDS to create rules against a PCAP file

1. Install Snort under Ubuntu or Mint. Actually you can install it under ANY Linux

2. Create the rules based on the policies below.

3. Download the file packet capture file. Unzip it.

4. Run Snort using your rules for the packet

HERE ARE THE SPECIFIC REQUIREMENTS FOR YOUR INTRUSION DETECTION RULES:

You are to create several intrusion detection rules. Create these in a text file called '[url removed, login to view]' located under /etc/snort/rules. Develop rules that implement the following policies:

1. alert on any incoming pings to the server from .128. Your message should indicate: ".128 pinging the server."

2. alert on any ftp traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to FTP to server."

3. alert on any telnet traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to telnet to server."

4. alert on any ssh traffic containing the keyword "SSH-2", from .128 to the server. Message should read: ".128 attempt to SSH to server."

5. alert on any http traffic from .128 with the SYN flag set, from .128 to the server. Message should read: .128 attempt to the web server."

6. alert on any http traffic with the SYN flag set from the CLASS A private network (10.0.0.0/8) to the server. Message should read "Possible DDOS."

7. alert on any DNS traffic from [url removed, login to view] to the local DNS server (172.16.136.1) that contains the keyword "ubuntu." Message should read "DNS Query Ubuntu."

8. alert on any packets from .128 to the server containing the text "[url removed, login to view]"

9. alert on any ftp traffic from the .128 to the server that contains the keyword "pfarnsworth". Message should read "Pfarnsworth over ftp".

10. alert on any ssh traffic from .128 to the server with the FIN and ACK flags set. Message should read "F/A for SSH teardown."

See the attachment for details. ANYTHING LESS IS NOT ACCEPTED FOR COMPLETING THE PROJECT>

Skills: Linux

See more:

About the Employer:
( 16 reviews ) port orange, United States

Project ID: #12161303

Awarded to:

ianoc

Good day! I've read your project description and I am very much interestd in getting this work done for you. I have an enormous amount of experience in Network security especially in linux environments and I see no More

$210 USD in 3 days
(3 Reviews)
3.0

2 freelancers are bidding on average $227 for this job

abdulrehman135

I have carefully read your problem statement and your requirements. I am new freelancer but know Linux and how to work with snort. I am interested in doing your project. I am available in email at any time. I am avai More

$244 USD in 10 days
(0 Reviews)
0.0