Using Snort IDS to create rules against a PCAP file
$30-250 USD
Concluído
Publicado há mais de 7 anos
$30-250 USD
Pago na entrega
1. Install Snort under Ubuntu or Mint. Actually you can install it under ANY Linux
2. Create the rules based on the policies below.
3. Download the file packet capture file. Unzip it.
4. Run Snort using your rules for the packet
HERE ARE THE SPECIFIC REQUIREMENTS FOR YOUR INTRUSION DETECTION RULES:
You are to create several intrusion detection rules. Create these in a text file called '[login to view URL]' located under /etc/snort/rules. Develop rules that implement the following policies:
1. alert on any incoming pings to the server from .128. Your message should indicate: ".128 pinging the server."
2. alert on any ftp traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to FTP to server."
3. alert on any telnet traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to telnet to server."
4. alert on any ssh traffic containing the keyword "SSH-2", from .128 to the server. Message should read: ".128 attempt to SSH to server."
5. alert on any http traffic from .128 with the SYN flag set, from .128 to the server. Message should read: .128 attempt to the web server."
6. alert on any http traffic with the SYN flag set from the CLASS A private network ([login to view URL]) to the server. Message should read "Possible DDOS."
7. alert on any DNS traffic from [login to view URL] to the local DNS server ([login to view URL]) that contains the keyword "ubuntu." Message should read "DNS Query Ubuntu."
8. alert on any packets from .128 to the server containing the text "[login to view URL]"
9. alert on any ftp traffic from the .128 to the server that contains the keyword "pfarnsworth". Message should read "Pfarnsworth over ftp".
10. alert on any ssh traffic from .128 to the server with the FIN and ACK flags set. Message should read "F/A for SSH teardown."
See the attachment for details. ANYTHING LESS IS NOT ACCEPTED FOR COMPLETING THE PROJECT>
Good day!
I've read your project description and I am very much interestd in getting this work done for you. I have an enormous amount of experience in Network security especially in linux environments and I see no issues in getting this done for you.
Thank you and I look forward to working with you :)
Best regards,
Alex