Question
Download and Install
All commands are highlighted in red text.
Access the terminal of the Kali Linux:
apt-get install snort
When it asks for the address range, retrieve the IP address using ifconfig in a separate terminal window; check the subnet mask (whether it is bit or bit) and, based on that, give the IP address range.
Example: if the IP address is and the subnet mask is bit, then the range in Snort should be
Let the installation complete! On successful installation it will return to the default prompt.
Edit Snort Configuration File and Rules Creation
Create a blank rules file to place your custom rules in (this is different from the default rules used by Snort):
touch /etc/snort/rules/custom.rules
Edit the Snort configuration file to add the newly created custom.rules file to Snort:
vi /etc/snort/snort.conf
Type /include $RULE_PATH ; this will take you to the rule inclusion section in the vi editor.
Scroll down using PgDn or the arrow keys until you reach the end of the include $RULE_PATH entries.
Press the i key on the keyboard to edit the file in the vi editor.
After the last default entry in the include $RULE_PATH list, type:
include $RULE_PATH/custom.rules
Press the Esc key on the keyboard and then :wq to save and quit the Snort configuration file.
Creating a location for log files and verifying that the log files are getting populated:
mkdir log
snort -l log -b -c /etc/snort/snort.conf
This will start Snort and run the live traffic on the computer and network against the rules in snort.conf.
Ctrl+Z
cd log
ls
If the list command results in files such as alert and snort.log, then your Snort is running and generating logs successfully.
rm: removes the contents of the log files.
Creating a custom rule to detect an ICMP attack or ping attack:
vi /etc/snort/rules/custom.rules
Press i to enter insert mode and add:
alert icmp any any -> any any (msg:"Possible ping attack"; sid: ;)
Press the Esc key and then :wq to save the custom.rules file.
Launching the attack
Launch Snort on the Kali Linux:
snort -l log -p -c /etc/snort/snort.conf
From any other machine in the network, ping the Kali Linux machine with an unlimited number of packets.
Let Snort run for a minute for the capture to work and the log file to get populated.
Reviewing the log file with attacks captured
cd log
ls
leafpad alert
The alert file should be populated with the alert message "Possible ping attack" as configured in the custom rules file.
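Two parts of this lab are typed by hand and silently break the result when wrong: the HOME_NET range the installer asks for, and the custom rule's header and options. The following Python helpers are an added example (not part of the lab handout or of Snort itself) that check both before Snort is started. They assume Snort 2 rule syntax; the sample addresses and rule strings are constructed for illustration.

```python
"""Sanity checks for the hand-typed parts of a Snort custom-rule lab (added
example, standard library only)."""
import ipaddress
import re


def home_net(ip, netmask):
    """Derive the HOME_NET range from an interface address and its netmask.

    netmask may be dotted (255.255.255.0) or a prefix length (24);
    strict=False lets the host address be passed instead of the network
    address, which is what you have in hand after running ifconfig."""
    return str(ipaddress.ip_network(f"{ip}/{netmask}", strict=False))


# Snort 2 rule header: action proto src sport direction dst dport (options)
RULE_HEADER = re.compile(
    r"^\s*(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>[A-Za-z]+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<options>.*)\)\s*$"
)

# SIDs below 1,000,000 are reserved for official rulesets; local rules go above.
LOCAL_SID_MIN = 1_000_000


def parse_rule(text):
    """Parse one rule line; return header fields, options, errors, warnings.

    Raises ValueError when the header itself is malformed (a missing '->' or
    missing parentheses around the options are the common typing mistakes)."""
    m = RULE_HEADER.match(text)
    if not m:
        raise ValueError("rule header is malformed (missing '->' or '(...)'?)")
    rule = m.groupdict()

    # Simple split on ';' is enough for msg/sid/itype; content matches that
    # themselves contain ';' need the escaping rules from the Snort manual.
    opts = {}
    for raw in m["options"].split(";"):
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition(":")
        opts[key.strip()] = value.strip().strip('"')
    rule["options"] = opts

    errors, warnings = [], []
    if not opts.get("msg"):
        errors.append("msg is missing or empty")
    sid = opts.get("sid", "")
    if not sid.isdigit() or int(sid) == 0:
        errors.append("sid must be a positive integer")
    elif int(sid) < LOCAL_SID_MIN:
        warnings.append(
            f"sid {sid} is in the reserved range; local rules use >= {LOCAL_SID_MIN}"
        )
    if rule["proto"].lower() == "icmp" and "itype" not in opts:
        warnings.append(
            "no itype: rule fires on every ICMP type, not only echo requests (itype:8)"
        )
    rule["errors"], rule["warnings"] = errors, warnings
    return rule


if __name__ == "__main__":
    # Constructed sample values, not taken from any real host.
    print("HOME_NET:", home_net("192.168.1.10", "255.255.255.0"))
    for line in (
        'alert icmp any any -> any any (msg:"Possible ping attack"; sid: ;)',
        'alert icmp any any -> any any (msg:"Possible ping attack"; itype:8; sid:1000001;)',
    ):
        r = parse_rule(line)
        print(line)
        print("  errors:  ", r["errors"])
        print("  warnings:", r["warnings"])
```

Run it before editing custom.rules: the lab's rule as written (empty sid) is reported as an error, and a rule without itype is flagged because it alerts on every ICMP message, so the alert file fills with traffic that is not a ping at all; adding itype:8 narrows it to echo requests.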