Snort alert signatures
[Sharing Knowledge]
SNORT : Analyzing and Signatures
Deris Stiawan
Ph.D Candidate
Faculty of Computer Science & Information System
Universiti Teknologi Malaysia
2012
1st run : Scanning
• Scanning tools with NMAP
– NMAP: powerful network scanner
– To find detailed information
– To find vulnerabilities in active ports / daemons / running applications
– Network mapping
• Command :
– nmap -v <ip target>
– nmap -v -sV
– nmap -v -O -sF
• Scanning tools with NIKTO
– NIKTO: powerful web scanner
– Testing IIS / Apache running on web server in target
– Checks your CGI vulnerabilities
2nd : Sniffing
• Sniffing data
– TCPdump / tshark
3rd : Analyzing
• Analyze and recognize threats with Snort
– Analyzing from packets
– Snort.conf
Codered Footprint
Nimda Footprint
Directory Traversal Footprint
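The three footprints named above can be recognized in captured HTTP request lines. The following is an added example, not taken from the slides and not Snort's own rule set: the patterns are the commonly documented request shapes for each footprint, and the names (FOOTPRINTS, classify, scan) and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Illustrative patterns only (assumption: simplified, not Snort's shipped rules).
FOOTPRINTS = [
    # Code Red: long run of N (or X in Code Red II) padding sent to default.ida
    ("codered", re.compile(r"^/default\.ida\?[NX]{20,}", re.I)),
    # Nimda: probes for root.exe / cmd.exe via IIS script directories
    ("nimda", re.compile(r"/(root|cmd)\.exe(\?|$)", re.I)),
    # Directory traversal: ../ or ..\ after percent-decoding
    ("directory-traversal", re.compile(r"\.\.[/\\]")),
]

def decode_path(uri, rounds=2):
    """Percent-decode up to `rounds` times so double-encoded ..%255c is exposed."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(request_line):
    """Return the footprint names matched by one HTTP request line."""
    parts = request_line.split()
    if len(parts) < 2:          # malformed line: nothing to inspect
        return []
    raw = parts[1]
    decoded = decode_path(raw)
    return [name for name, pat in FOOTPRINTS
            if pat.search(raw) or pat.search(decoded)]

def scan(lines):
    """Return (line_number, matches) for every line with at least one match."""
    return [(i, hits) for i, line in enumerate(lines, 1)
            if (hits := classify(line))]

# Constructed sample request lines (not from a real capture).
SAMPLE = [
    "GET /index.html HTTP/1.1",
    "GET /default.ida?" + "N" * 224 + " HTTP/1.0",
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /docs/..%2f..%2f..%2fetc/passwd HTTP/1.1",
]

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE):
        print(line_no, ", ".join(hits))
```

A single request can match more than one footprint: the fourth sample line is both a Nimda probe and a directory traversal.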
Pervasive Computing Research Group Faculty of Computer Science & Information System
Universiti Teknologi Malaysia
Prof. Dr. Abdul Hanan Abdullah
Deris Stiawan