Snort IDS

Discussion in 'OT Technology' started by qazxsw, Apr 21, 2007.

  1. qazxsw

    qazxsw New Member

    Joined:
    Sep 16, 2004
    Messages:
    843
    Likes Received:
    0
    So I am in a graduate level info security class, and I have to develop a "lab" using an IDS. My professor recommended Snort. He said it is one of the easiest to install and use. So how the hell do I use it?

    I downloaded the version 6.1 exe and then I downloaded the rules into the rules folder. (On a side note, when I downloaded the rules into the rules folder there was also a signatures folder. Should I put those in the signature folder?)

    Basically all I have to do is run a port scanner, or a different attack if there are any suggestions, on a Windows 2003 Server system from a Windows XP system and have the IDS pick it up and raise a red flag. It doesn't really have to do anything fancy. This is all done in remote desktop so nothing will screw up, but my professor is an ass and doesn't help at all.

    If anyone could help with this it would be greatly appreciated.

    Edit: This is not a do my homework, or trying to hack anything. It is a I have no idea what to do and it is due in a week. So just suggestions would be helpful, or anything.
     
  2. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    That Snort IDS looks pretty interesting. I'll have to check that out.
    Meanwhile, can't you just try a normal software firewall?
    Something like ZoneAlarm that gives you warnings when ports are being accessed. (I don't think ZoneAlarm works with Server 2003 though.)
     
  3. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
  4. qazxsw

    qazxsw New Member

    Joined:
    Sep 16, 2004
    Messages:
    843
    Likes Received:
    0
    Thank you, I will take a look at this page, and I will see if I can use ZoneAlarm. Thanks for the help.
     
  5. ZrOuT

    ZrOuT New Member

    Joined:
    Aug 30, 2005
    Messages:
    5,511
    Likes Received:
    0
    Ideally for this lab you would take a managed switch, or if no funds just a regular old school hub, then set up a monitor port (SPAN port in Cisco terms). This port would monitor all others and Snort would connect to this port (or if it's a hub you don't worry about any monitor ports).

    Then you'd take a regular PC and plug it anywhere on the switch, and another PC as well. From either one you can then start running attacks, anything you can think of, and your IDS should pick it up if all works well. This way you could actually try and hack your own PC1 from PC2 and see what the IDS thought of your actions.

    You could have a lot of fun with that.

    PS: I wouldn't call your professor an ass, 99% of things in IT you have to research on your own and learn on your own, he's giving you a great assignment IMHO.
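
Added example, not part of any post in this thread: a sketch of the kind of threshold check an IDS sensor on the monitor port applies, flagging a source that touches many distinct ports on one host within a short window. It is not Snort's own detection code; the event format, the documentation-range addresses, the window and the threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample of TCP SYNs seen on the monitor port:
# (timestamp_ms, src_ip, dst_ip, dst_port). Addresses are documentation-range
# placeholders; 192.0.2.20 stands in for the monitored server.
SAMPLE_EVENTS = (
    # A remote-desktop client reconnecting to the same port.
    [(t * 2000, "192.0.2.30", "192.0.2.20", 3389) for t in range(10)]
    # The same client fetching web pages.
    + [(1000 + t * 1000, "192.0.2.30", "192.0.2.20", 80) for t in range(5)]
    # One source touching ports 1-40 at 100 ms intervals.
    + [(10000 + i * 100, "192.0.2.10", "192.0.2.20", p)
       for i, p in enumerate(range(1, 41))]
)


def detect_port_scans(events, window_ms=5000, threshold=15):
    """Return one alert (ts, src, dst, distinct_ports) per (src, dst) pair
    that reaches `threshold` distinct destination ports within `window_ms`."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port) in window
    alerted = set()               # pairs already reported, to avoid alert floods
    alerts = []
    for ts, src, dst, port in sorted(events):
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop observations that have aged out of the sliding window.
        while ts - q[0][0] > window_ms:
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append((ts, src, dst, distinct))
    return alerts


if __name__ == "__main__":
    for ts, src, dst, n in detect_port_scans(SAMPLE_EVENTS):
        print(f"[{ts} ms] ALERT possible port scan: {src} -> {dst} ({n} ports)")
```

The repeated connections to ports 3389 and 80 stay below the threshold, so ordinary remote-desktop and web traffic in the lab does not raise the flag.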
     
