Network Security: Lab#5 Port Scanners and Intrusion Detection System
J. H. Wang
Jun. 16, 2011
Objectives
• To learn to use port scanners
  – Nmap
• To introduce the ideas of intrusion detection systems
  – Snort
Packages Used in this Lab
• Packages
  – Nmap
  – Snort
Experiment Scenario
• Port scanners
  – Use port scanners to check for potential weaknesses in a system
    • Vulnerable ports
    • System types
Nmap
• Homepage: http://nmap.org/
• Version
  – 5.51
• Platforms: Linux/FreeBSD/Windows/Mac OS X
• Installation steps
  – Simply follow the instructions on screen
Example Usage for Nmap
• Enter an IP address (or hostname) in [Target], and press [Scan]
  – Open ports will be listed
  – Type of OS will be detected
• Many types of scans
  – TCP scan
  – SYN scan
  – UDP scan
  – ACK scan
  – Window scan
  – FIN scan
  – Others: proxy scan, ICMP scan, …
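The scan types listed above look alike from the target's side: one source sends many single probe packets (SYN, FIN, or no flags at all) to many different ports in a short time, which is exactly what an IDS can key on. The following script is an added example, not part of the lab handout or of Nmap, and it runs over a constructed flow log whose format (`timestamp src= dst= dport= flags=`) and the `-` notation for a NULL probe are assumptions of this example. It raises one alert per (source, destination) pair once the number of distinct ports probed inside a sliding time window reaches a threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample flow log (not from the lab): one probe per line.
# flags=S is a SYN, flags=F a FIN, flags=- a packet with no flags set (NULL scan).
SAMPLE_LOG = """\
2011-06-16T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=22 flags=S
2011-06-16T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=23 flags=S
2011-06-16T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=25 flags=S
2011-06-16T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=80 flags=S
2011-06-16T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=110 flags=S
2011-06-16T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=143 flags=S
2011-06-16T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=443 flags=S
2011-06-16T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=3306 flags=S
2011-06-16T10:00:05 src=10.0.0.7 dst=10.0.0.20 dport=80 flags=S
2011-06-16T10:00:06 src=10.0.0.7 dst=10.0.0.20 dport=80 flags=S
2011-06-16T10:05:00 src=10.0.0.9 dst=10.0.0.20 dport=22 flags=F
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) flags=(?P<flags>\S+)$"
)
PROBE_FLAGS = {"S", "F", "-"}  # SYN, FIN and NULL probes all count as "probe" events


def parse_line(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def detect_port_scans(lines, threshold=6, window_seconds=10):
    """Return [(src, dst, ports)] for every source that probes at least `threshold`
    distinct ports on one destination within a sliding window of `window_seconds`.
    Lines are assumed to be in chronological order; one alert per (src, dst) pair."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, dport), oldest first
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["flags"] not in PROBE_FLAGS:
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dport"]))
        # Drop probes that fell out of the window (the entry just appended always stays).
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = sorted({p for _, p in q})
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((ev["src"], ev["dst"], ports))
    return alerts


if __name__ == "__main__":
    for src, dst, ports in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports: {ports}")
```

Only 10.0.0.5 trips the detector; 10.0.0.7 retrying the same port and a lone FIN from 10.0.0.9 do not, which is the point of counting distinct ports rather than packets. The threshold and window are the knobs a real IDS exposes, and a slow scan spread over hours would need a longer window (or a per-source counter that never expires) to be caught.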
Nessus
• Homepage: http://www.tenable.com/products/nessus
• Latest version: 4.4.1
• Originally open source, but now proprietary, owned by Tenable Network Security
  – Free for home use
• Installation skipped
Intrusion Detection Systems
• Host-based IDS (HIDS)
  – Monitors the status of files in a system
    • File integrity checking, log analysis
    • E.g. Tripwire, OSSEC
• Network-based IDS (NIDS)
  – Detects malicious network traffic such as DoS attacks
    • E.g. Snort
Tripwire
• Originally open source, but now commercial
• Open Source Tripwire is available, based on the earlier open-source versions
  – http://sf.net/projects/tripwire/
OSSEC
• Originally open source, but acquired by Trend Micro
  – Will remain open source (as claimed by Trend Micro)
  – http://www.ossec.net/
Snort
• Homepage: http://www.snort.org/
• Latest version: 2.9.0.5
• Platforms:
  – Linux/Windows
• An open-source NIDS, which also requires WinPcap
• Installation steps
  – Simply follow the instructions on screen
  – Note: In [Installation Options], please check [Enable IPv6 support] for the demo of IDS functions
Example Usage for Snort
• cd \snort
• Sniffer mode (default)
  – To show headers only: bin\snort -v
  – To show headers and data: bin\snort -vd
  – A more descriptive display: bin\snort -vde
• Packet logger mode
  – To record packets in the logging directory:
    • bin\snort -dev -l log
  – To log in binary mode:
    • bin\snort -l log -b
  – To play back the packets from a log:
    • bin\snort -r packet.log
• Network intrusion detection system mode
  – bin\snort -l log -c etc\snort.conf
  – (Some problems getting the configuration file to work on Windows…)
  – You need to understand how to write the rules for intrusion detection…
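A Snort rule has a header (`action proto src sport -> dst dport`) followed by options in parentheses such as `msg`, `content`, `nocase` and `sid`, and the detection engine fires the rule when every header field and every `content` pattern match a packet. To make that structure concrete, the following added example (written for this page, not Snort's own engine or rule set) parses rules in that syntax and evaluates them against constructed, already-decoded packets. It keeps only the core of the language: `any`, single addresses, CIDR blocks and `!` negation for addresses; `any`, single ports and `lo:hi` ranges for ports; `->` and `<>` directions; and plain-text `content` with `nocase`. Hex `content` (`|..|`), `depth`/`offset`, preprocessors and the many other option keywords are out of scope, and the rules, SIDs and packets in the demo are made up.

```python
import ipaddress
import re

# Snort rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Parse a Snort-style rule into a dict. Handles msg, content, nocase and sid;
    other options (rev, classtype, ...) are accepted and ignored. Simplification:
    options are split on ';', so a content pattern here may not contain a semicolon."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparsable rule: " + text)
    rule = m.groupdict()
    rule.update(msg=None, sid=None, contents=[])
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        key, _, val = opt.partition(":")  # only the first ':' separates key and value
        val = val.strip()
        if key == "msg":
            rule["msg"] = val.strip('"')
        elif key == "sid":
            rule["sid"] = int(val)
        elif key == "content":
            rule["contents"].append({"pattern": val.strip('"').encode(), "nocase": False})
        elif key == "nocase" and rule["contents"]:
            rule["contents"][-1]["nocase"] = True  # nocase modifies the preceding content
    return rule


def addr_matches(spec, ip):
    """'any', an address, a CIDR block, or a '!'-negated form of those."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    inside = ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return inside != negate


def port_matches(spec, port):
    """'any', a single port, or a range 'lo:hi' (either bound may be omitted)."""
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")
    if sep:
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return port == int(spec)


def header_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    fwd = (addr_matches(rule["src"], pkt["src"]) and port_matches(rule["sport"], pkt["sport"])
           and addr_matches(rule["dst"], pkt["dst"]) and port_matches(rule["dport"], pkt["dport"]))
    if fwd or rule["dir"] == "->":
        return fwd
    # '<>' rules also match the reverse direction
    return (addr_matches(rule["src"], pkt["dst"]) and port_matches(rule["sport"], pkt["dport"])
            and addr_matches(rule["dst"], pkt["src"]) and port_matches(rule["dport"], pkt["sport"]))


def payload_matches(rule, payload):
    """Every content: pattern must occur in the payload (case-folded if nocase)."""
    for c in rule["contents"]:
        hay, needle = (payload.lower(), c["pattern"].lower()) if c["nocase"] else (payload, c["pattern"])
        if needle not in hay:
            return False
    return True


def run_rules(rules, packets):
    """Return [(sid, msg)] for each alert rule that fires, in packet order."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule["action"] == "alert" and header_matches(rule, pkt) and payload_matches(rule, pkt["payload"]):
                alerts.append((rule["sid"], rule["msg"]))
    return alerts


# Constructed rules (sids in the local 1000000+ range) and decoded packets for the demo.
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"Constructed: /etc/passwd in HTTP request"; content:"/etc/passwd"; sid:1000001; rev:1;)',
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"Constructed: Nmap NSE user agent"; content:"Nmap Scripting Engine"; nocase; sid:1000002; rev:1;)',
    'alert icmp !192.168.1.0/24 any -> 192.168.1.0/24 any (msg:"Constructed: ICMP from outside the LAN"; sid:1000003; rev:1;)',
)]
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40001, "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET /cgi-bin/view?file=../../etc/passwd HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40002, "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET / HTTP/1.0\r\nUser-Agent: Mozilla/5.0 (compatible; NMAP SCRIPTING ENGINE)\r\n\r\n"},
    {"proto": "icmp", "src": "10.0.0.5", "sport": 0, "dst": "192.168.1.10", "dport": 0, "payload": b""},
    {"proto": "tcp", "src": "192.168.1.20", "sport": 40003, "dst": "192.168.1.10", "dport": 22,
     "payload": b"SSH-2.0-constructed\r\n"},
]

if __name__ == "__main__":
    for sid, msg in run_rules(RULES, PACKETS):
        print(f"[**] [1:{sid}] {msg}")
```

The first three packets each fire one rule and the SSH packet fires none, because rule matching is a conjunction: the header narrows the traffic (protocol, network, port, direction) and then every `content` option must be found in the payload. Real Snort adds a fast-pattern matcher so that thousands of rules are not scanned one by one, but the rule semantics a lab rule-writer needs to get right are the ones shown here.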
Summary
• Port scanners
  – Nmap
• Intrusion detection systems
  – Snort