Question

1 Approved Answer

1. Download and Install
[All commands are highlighted in red text.] Open a terminal on the Kali Linux machine and run:
    apt-get install snort
When the installer asks for the address range, retrieve the IP address with ifconfig in a separate terminal window, check whether the subnet mask is 16-bit or 24-bit, and give the IP address range accordingly.
Example: if the IP address is 192.168.1.100 and the subnet mask is 255.255.255.0 [24-bit], then the range in Snort should be 192.168.0.0/24.
Let the installation complete. On successful installation it returns to the default prompt.

2. Edit Snort Configuration File and Rules Creation
2.1. Create a blank rules file to hold your custom rules; this is separate from the default rules used by Snort:
    touch /etc/snort/rules/custom.rules
2.2. Edit the Snort configuration file to add the newly created custom.rules file to Snort:
    vi /etc/snort/snort.conf
2.3. Type /include $RULE_PATH (this search takes you to the rule-inclusion section in the vi editor). Scroll down with PgDn or the arrow keys until you reach the end of the include $RULE_PATH entries. Press the i key to edit the file in the vi editor, and after the last default entry add the line:
    include $RULE_PATH/custom.rules
Press Esc and then type :wq to save and quit the Snort configuration file.
2.4. Create a location for the log files and verify that they are being populated:
    mkdir log
    snort -l ./log -b -c /etc/snort/snort.conf
(this starts Snort and runs the live traffic on the computer and network against the rules in snort.conf)
    Ctrl+Z
    cd log
    ls
If the list command shows files such as alert and snort.log.<>, then Snort is running and generating logs successfully.
    rm *
(removes the contents of the log directory)
2.5. Create a custom rule to detect an ICMP attack or ping attack:
    vi /etc/snort/rules/custom.rules
Press i to enter insert mode and add the rule:
    alert icmp any any -> any any (msg:"Possible ping attack"; sid:999995;)
Press Esc and then type :wq to save the custom.rules file.

3. Launching the attack
Launch Snort on the Kali Linux machine:
    snort -l ./log -p -c /etc/snort/snort.conf
From any other machine in the network, ping the Kali Linux machine with an unlimited number of packets. Let Snort run for a minute for the capture to work and the log file to be populated.

4. Reviewing the log file with attacks captured
    cd log
    ls
    leafpad alert
The alert file should be populated with the alert message "Possible ping attack" as configured in the custom rules file.
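The following script is an added example and is not part of the original answer or of Snort itself. It packages the two places in this lab where mistakes are easy to make: computing the address range the installer asks for in step 1 (network address of the IP/mask pair plus prefix length), writing the step 2.5 rule with the msg text quoted as Snort's rule parser expects, and reading the alert file from step 4 to count hits and rank the sources. The file name snort_lab_helpers.sh is hypothetical, and the alert file it reads is a constructed sample in Snort 2's full alert format, not a real capture; nothing here needs Snort installed to run.

```shell
#!/usr/bin/env bash
# Added example, not part of the original answer: helpers for the lab steps
# that are easiest to get wrong, the HOME_NET range typed into the installer
# (step 1), the custom rule (step 2.5) and reading the alert file (step 4).
set -eu

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    local IFS=.
    # shellcheck disable=SC2086
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    local n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Prefix length of a netmask: 255.255.255.0 -> 24, 255.255.0.0 -> 16.
mask_prefix_len() {
    local m bits=0
    m=$(ip_to_int "$1")
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        bits=$(( bits + 1 ))
        m=$(( (m << 1) & 4294967295 ))
    done
    echo "$bits"
}

# The range the Snort installer asks for: the network address (IP AND mask)
# plus the prefix length, e.g. 192.168.1.100 / 255.255.255.0 -> 192.168.1.0/24.
cidr_from_ip_mask() {
    local net
    net=$(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
    echo "$(int_to_ip "$net")/$(mask_prefix_len "$2")"
}

# The step 2.5 rule with the msg text quoted (Snort's rule parser requires
# the quotes) and a rev so later edits to the rule can be versioned.
ping_rule() {
    printf 'alert icmp any any -> any any (msg:"Possible ping attack"; sid:%s; rev:1;)\n' "$1"
}

# Constructed sample in Snort's full alert format (not a real capture):
# three hits on the ping rule from two sources, plus one unrelated alert
# that the counters below must ignore.
make_sample_alert_file() {
    cat > "$1" <<'EOF'
[**] [1:999995:1] Possible ping attack [**]
[Priority: 0]
03/14-10:21:05.118392 192.168.1.50 -> 192.168.1.100
ICMP TTL:64 TOS:0x0 ID:4711 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:1  Seq:1  ECHO

[**] [1:1000001:1] Unrelated test rule [**]
[Priority: 0]
03/14-10:21:05.402811 192.168.1.77 -> 192.168.1.100
TCP TTL:64 TOS:0x0 ID:4712 IpLen:20 DgmLen:60 DF

[**] [1:999995:1] Possible ping attack [**]
[Priority: 0]
03/14-10:21:06.118501 192.168.1.50 -> 192.168.1.100
ICMP TTL:64 TOS:0x0 ID:4713 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:1  Seq:2  ECHO

[**] [1:999995:1] Possible ping attack [**]
[Priority: 0]
03/14-10:21:07.003120 192.168.1.77 -> 192.168.1.100
ICMP TTL:64 TOS:0x0 ID:4714 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:2  Seq:1  ECHO
EOF
}

# count_alerts FILE MSG -> number of alert headers carrying exactly MSG
# (grep -c exits 1 on zero matches, so keep the "0" and the exit status 0).
count_alerts() {
    grep -c "^\[\*\*] \[[0-9]*:[0-9]*:[0-9]*] $2 \[\*\*]" "$1" || true
}

# alert_sources FILE MSG -> "count source-ip" lines, busiest source first,
# taken from the "src -> dst" line that follows each matching header.
alert_sources() {
    awk -v msg="$2" '
        $0 ~ ("^\\[\\*\\*] \\[[0-9]+:[0-9]+:[0-9]+] " msg " \\[\\*\\*]") { want = 1; next }
        want && $3 == "->" { src[$2]++; want = 0 }
        END { for (s in src) print src[s], s }
    ' "$1" | sort -rn
}

# Demo: bash snort_lab_helpers.sh demo
if [ "${1-}" = "demo" ]; then
    cidr_from_ip_mask 192.168.1.100 255.255.255.0
    ping_rule 999995
    f=$(mktemp)
    make_sample_alert_file "$f"
    echo "ping alerts: $(count_alerts "$f" 'Possible ping attack')"
    alert_sources "$f" 'Possible ping attack'
    rm -f "$f"
fi
```

Two practical notes: cidr_from_ip_mask masks the host part off, so for a 24-bit mask the answer is always the /24 that contains the host address, and for a 16-bit mask the /16; and SIDs below 1,000,000 are reserved for rules shipped with Snort, so a locally written rule is normally given a sid of 1000001 or higher rather than 999995 to avoid colliding with distributed rule sets.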
