1 Introduction to Snort’s Working and configuration file

2 Three modes of Snort
Snort can be run in three modes:
- Sniffer
- Packet Logger
- Network Intrusion Detection System (NIDS)

3 Sniffer mode
In sniffer mode Snort acts as a packet sniffer like tcpdump or Ethereal (the predecessor of Wireshark): it decodes packets and prints them to the console without logging them or applying rules. The following options are useful in sniffer mode:
-v  print packet headers to the console (this is the option that puts Snort into sniffer mode)
-d  also dump the application-layer data
-e  also display the link-layer (Ethernet) headers

4 Packet logger mode
In packet logger mode Snort writes the packets to disk instead of the console; the log can later be read back (with -r) for offline analysis or for a NIDS run against the recorded traffic. The following options are useful in packet logger mode:
-l <dir>  log packets to the given directory (this is the option that puts Snort into logger mode)
-d -e -v  can be combined with -l, but Snort then writes decoded ASCII output, which is slow
-b        log packets in binary (tcpdump/libpcap format); this is the recommended choice for logger mode because it is fast and other tools can read the file
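As an added example (not code from the slides): the following script decodes one constructed Ethernet/IPv4/UDP frame into the pieces that -e (link layer), -v (IP and UDP headers) and -d (application-layer payload) print, and wraps frames in the libpcap file format that -b writes and -r reads back. The frame, MAC addresses and documentation-range IP addresses are constructed for the example; only the standard library is used.

```python
"""Added example (not from the slides): decode a constructed Ethernet/IPv4/UDP
frame into what `snort -dev` prints, and wrap frames in the libpcap (tcpdump)
format that `snort -b` writes.  Standard library only; nothing is captured."""
import socket
import struct

# Constructed sample values (not real hosts; 192.0.2.0/24 is reserved for documentation).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("00aabbccddee")
SRC_IP = "192.0.2.10"
DST_IP = "192.0.2.53"
PAYLOAD = b"GET /index.html HTTP/1.0\r\n\r\n"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a header with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes = PAYLOAD, sport: int = 40000, dport: int = 80) -> bytes:
    """Ethernet II + IPv4 + UDP.  The UDP checksum is left 0, which IPv4 permits."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in header checksum
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + ip + udp


def mac(b: bytes) -> str:
    return ":".join("%02X" % x for x in b)


def hexdump(data: bytes, width: int = 16) -> list:
    """Offset / hex / ASCII lines, the layout -d uses for payload bytes."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join("%02X" % x for x in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(x) if 32 <= x < 127 else "." for x in chunk)
        lines.append("%04X  %s  %s" % (off, hexpart, asc))
    return lines


def decode_frame(frame: bytes) -> dict:
    """Split a frame into link layer (-e), IP/UDP headers (-v) and payload (-d)."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(ip) or ihl > total_len:
        raise ValueError("malformed IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:            # corrupted headers must not be trusted
        raise ValueError("bad IPv4 header checksum")
    if proto != 17:
        raise ValueError("only UDP is handled in this example")
    sport, dport, ulen, _ucsum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    if ulen < 8 or ihl + ulen > total_len:
        raise ValueError("bad UDP length")
    payload = ip[ihl + 8:ihl + ulen]
    return {
        "link": {"src_mac": mac(src), "dst_mac": mac(dst), "ethertype": ethertype},
        "ip": {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl,
               "proto": proto, "len": total_len},
        "udp": {"sport": sport, "dport": dport, "len": ulen},
        "payload": payload,
        "dump": hexdump(payload),
    }


PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def pcap_bytes(frames, ts_sec: int = 0) -> bytes:
    """libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", ts_sec, i, len(f), len(f)) + f
    return out


def read_pcap(data: bytes) -> list:
    """Return the frames stored in a little-endian libpcap file (what `snort -r` reads)."""
    magic, = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    frames, pos = [], 24
    while pos + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack("<IIII", data[pos:pos + 16])
        pos += 16
        if pos + incl > len(data):
            raise ValueError("truncated record")
        frames.append(data[pos:pos + incl])
        pos += incl
    return frames


if __name__ == "__main__":
    for f in read_pcap(pcap_bytes([build_frame()])):
        info = decode_frame(f)
        print(info["link"], info["ip"], info["udp"], sep="\n")
        print("\n".join(info["dump"]))
```

The decoder refuses frames whose IPv4 header checksum does not verify, which is the check a logger that later feeds a NIDS run should have: a truncated or corrupted record in the binary log is better rejected than decoded into misleading header fields.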

5 NIDS mode
NIDS mode is started by pointing Snort at a configuration file with -c snort.conf; the rules loaded from that file are then applied to every packet. Some ways to start Snort in this mode:
snort -devl ./log -h /24 -c snort.conf
snort -bl ./log -h /24 -c snort.conf
snort -b -A fast -c snort.conf
snort -b -l ./log -c snort.conf -o
-h sets the home network in CIDR notation (the commands above show only the /24 prefix length). -A selects the alert output mode: fast writes one-line alerts (timestamp, message, addresses) to the alert file, full (the default) writes the complete multi-line alert, and none disables alerting. -o changes the order in which rule types are applied from Alert, Pass, Log to Pass, Alert, Log, so that pass rules can silence alert rules.

6 Snort.conf
The configuration file defines the following:
- Network variables
- Preprocessors and their settings
- Classification file
- Reference file
- Rules

7 Snort.conf (II) Network variables
Network variables name the addresses and ports that rules refer to with $NAME, so a rule set can be reused on another network by changing one line. Examples:
var HTTP_PORTS 80
var TELNET_SERVERS /29
Newer Snort 2.x releases distinguish ipvar for address lists (which may be negated with ! and nested in brackets) from portvar for port lists; var still works for simple values.

8 Snort.conf (III) Preprocessors
Preprocessors are compiled modules that run on every packet after decoding and before the detection engine. They reassemble and normalize traffic (IP fragments, TCP streams, HTTP) so rules see what the end host will see, and they can raise their own alerts. They are fast, but they are enabled and tuned only through preprocessor lines in snort.conf and cannot be invoked from within a rule.

9 Snort.conf (IV) Classification file
This file assigns a priority to each attack class; 1 is the highest priority (the most dangerous class). A rule picks its class with the classtype option. Sample lines from the classification file:
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1

10 Snort.conf (V) Reference file
This file maps reference system names (cve, bugtraq, url and others) to URL prefixes. A rule cites the system and an identifier in its reference option, and Snort joins the two so administrators see a URL pointing at the advisory they need in order to rectify the problem.

11 Snort.conf (VI) Rules
Rules are defined in several files that snort.conf pulls in with include lines. Each rule has a header (action, protocol, source and destination addresses and ports) and options in parentheses (msg, content, classtype, reference, sid, rev). Updated rule sets can be downloaded from snort.org.
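The following is an added example (not code from the slides or from the Snort project) tying together the network variables, classification file, reference file and rules described above. It reads a constructed snort.conf fragment and one constructed rule, substitutes the rule's $variables (including a variable that refers to another variable), looks up the priority behind its classtype, and builds the URL for its reference option. The fragment, the rule, its sid and the example.com reference are all constructed; this is a minimal reader for illustration, not a full snort.conf or rule parser.

```python
"""Added example (not from the slides): resolve one constructed Snort rule
against the variable, classification and reference lines of a constructed
snort.conf fragment.  Minimal reader for illustration, not a full parser."""
import re

# Constructed config fragment.  `var` (as on the slides) and the newer
# `ipvar`/`portvar` forms are all accepted as variable definitions here.
SNORT_CONF = """\
ipvar HOME_NET 192.0.2.0/24
ipvar EXTERNAL_NET !$HOME_NET
var TELNET_SERVERS 192.0.2.8/29
portvar HTTP_PORTS 80
config classification: attempted-dos,Attempted Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config reference: url http://
"""

# Constructed rule; sid is in the local range (>= 1000000), the reference is a placeholder.
SAMPLE_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS '
    '(msg:"EXAMPLE cgi-bin access"; flow:to_server,established; '
    'content:"/cgi-bin/"; classtype:attempted-user; '
    'reference:url,example.com/advisory; sid:1000001; rev:1;)'
)


def parse_conf(text: str):
    """Return (variables, classifications, reference systems) from config lines."""
    variables, classes, refs = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(?:var|ipvar|portvar)\s+(\w+)\s+(.+)$", line)
        if m:
            variables[m.group(1)] = m.group(2).strip()
            continue
        m = re.match(r"^config classification:\s*([^,]+),([^,]+),(\d+)\s*$", line)
        if m:
            classes[m.group(1).strip()] = (m.group(2).strip(), int(m.group(3)))
            continue
        m = re.match(r"^config reference:\s*(\w+)\s+(\S+)\s*$", line)
        if m:
            refs[m.group(1)] = m.group(2)
    return variables, classes, refs


def expand(value: str, variables: dict, depth: int = 0) -> str:
    """Substitute $NAME tokens; a variable may itself refer to other variables."""
    if depth > 16:
        raise ValueError("variable reference loop")

    def sub(m):
        name = m.group(1)
        if name not in variables:
            raise KeyError("undefined variable $" + name)
        return expand(variables[name], variables, depth + 1)

    return re.sub(r"\$(\w+)", sub, value)


# Split rule options on ';' only when the ';' is outside double quotes.
_OPT_SPLIT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_rule(rule: str) -> dict:
    """Split a rule into its seven header fields and an option-name -> values map."""
    header, sep, body = rule.partition("(")
    body = body.rstrip()
    if not sep or not body.endswith(")"):
        raise ValueError("rule body must be parenthesised")
    parts = header.split()
    if len(parts) != 7:
        raise ValueError("header needs: action proto src sport direction dst dport")
    options = {}
    for opt in _OPT_SPLIT.split(body[:-1]):
        opt = opt.strip()
        if opt:
            name, _, val = opt.partition(":")
            options.setdefault(name.strip(), []).append(val.strip().strip('"'))
    keys = ["action", "proto", "src", "sport", "direction", "dst", "dport"]
    return dict(zip(keys, parts), options=options)


def evaluate(rule: str, conf_text: str) -> dict:
    """Resolve addresses/ports, classtype priority and reference URLs for one rule."""
    variables, classes, refs = parse_conf(conf_text)
    r = parse_rule(rule)
    opts = r["options"]
    classtype = opts.get("classtype", [None])[0]
    if classtype is not None and classtype not in classes:
        raise KeyError("classtype %r is not in the classification config" % classtype)
    description, priority = classes[classtype] if classtype else (None, None)
    if "priority" in opts:           # an explicit priority option overrides the class default
        priority = int(opts["priority"][0])
    urls = []
    for ref in opts.get("reference", []):
        system, _, ident = ref.partition(",")
        if system not in refs:
            raise KeyError("reference system %r is not in the reference config" % system)
        urls.append(refs[system] + ident)
    return {"src": expand(r["src"], variables), "sport": expand(r["sport"], variables),
            "dst": expand(r["dst"], variables), "dport": expand(r["dport"], variables),
            "msg": opts.get("msg", [""])[0], "classtype": classtype,
            "class_description": description, "priority": priority, "references": urls,
            "sid": int(opts["sid"][0]), "rev": int(opts.get("rev", ["1"])[0])}


if __name__ == "__main__":
    for key, value in evaluate(SAMPLE_RULE, SNORT_CONF).items():
        print("%-18s %s" % (key, value))
```

Two checks in the code are worth keeping in any real tooling: an undefined $variable or an unknown classtype is reported as an error rather than silently producing a rule that matches nothing or carries no priority, since either is how a rule set quietly stops protecting a network after a configuration change.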

12 Modify Snort
Snort provides three mechanisms for modifying its functionality:
- Plug-ins, of two types: output plug-ins and detection plug-ins
- Preprocessors
- Source code modification

13 The End