Signature Detection and Alerting an Admin Lab

As stated in the IDS and Syslog lab, “Traffic flow fingerprints can be defined using layer-specific header field values and/or content derived from data. These fingerprints are known as signatures and can be defined through SNORT rules and stored in files called rulesets.” In this lab, we will write SNORT rules that match specific traffic flows. SNORT runs here as an IDS: it inspects a copy of the traffic and raises an alert when a rule matches, but it does not stop the attack from reaching its target (blocking requires an inline IPS deployment). We will also demonstrate how the IDS can notify a sysadmin by email when a high-priority alert fires.
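The following is an added example, not part of the Infosec Learning lab materials. It shows the two halves of the lab's idea in working code: a local SNORT rule (in the docstring) that would generate an alert, and a Python script that parses SNORT's fast-alert log format, keeps only alerts at or above a chosen priority, and builds the email an admin would receive. The sample alert lines are constructed to match SNORT's `alert_fast` output; the rule, the SIDs, the sender/recipient addresses, the SMTP host and the priority threshold are all assumptions.

```python
"""Turn high-priority SNORT alerts into an admin e-mail.

Added example for the Signature Detection lab (not lab-provided code).
Assumed local rule that produced the ICMP alerts below; local rules use
sid >= 1000000, and an 'alert' rule only alerts, it never blocks:

    alert icmp any any -> $HOME_NET any (msg:"ICMP ping detected"; \
        itype:8; classtype:misc-activity; sid:1000001; rev:1;)
"""
import re
import smtplib
from email.message import EmailMessage
from typing import Iterable, List, Optional

# SNORT fast-alert layout:
# <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<classification>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<priority>\d+)\]"
    r"\s+\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample of what /var/log/snort/alert might contain (not real traffic).
SAMPLE_ALERTS = """\
01/15-14:23:01.123456  [**] [1:1000001:1] ICMP ping detected [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.20
01/15-14:23:05.654321  [**] [1:1000002:1] SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:44321 -> 10.0.0.20:22
01/15-14:23:07.000001  [**] [1:1000001:1] ICMP ping detected [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.11 -> 192.168.1.20
this line is not a snort alert and must be ignored
"""


def parse_alert(line: str) -> Optional[dict]:
    """Return the fields of one fast-alert line, or None if it is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["priority"] = int(fields["priority"])  # 1 = most severe in SNORT
    fields["sid"] = int(fields["sid"])
    return fields


def significant_alerts(lines: Iterable[str], max_priority: int = 1) -> List[dict]:
    """Keep alerts whose priority is max_priority or more severe (lower number)."""
    parsed = (parse_alert(line) for line in lines)
    return [a for a in parsed if a is not None and a["priority"] <= max_priority]


def build_alert_email(alerts: List[dict], sender: str, recipient: str) -> Optional[EmailMessage]:
    """Build one digest message for a batch of alerts; None when there is nothing to report."""
    if not alerts:
        return None
    msg = EmailMessage()
    msg["Subject"] = f"[Snort] {len(alerts)} high-priority alert(s)"
    msg["From"] = sender
    msg["To"] = recipient
    body = ["The IDS matched the following signatures (detection only, traffic was NOT blocked):", ""]
    for a in alerts:
        body.append(
            f"{a['ts']}  sid={a['sid']} prio={a['priority']} {a['proto']} "
            f"{a['src']} -> {a['dst']}  {a['msg']}"
        )
    msg.set_content("\n".join(body))
    return msg


def send_alert(msg: EmailMessage, smtp_host: str = "localhost", smtp_port: int = 25) -> None:
    """Hand the message to a local MTA (assumed to be listening on smtp_host:smtp_port)."""
    with smtplib.SMTP(smtp_host, smtp_port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    hits = significant_alerts(SAMPLE_ALERTS.splitlines(), max_priority=1)
    mail = build_alert_email(hits, "snort@lab.local", "admin@lab.local")
    print(mail)  # only printed here; call send_alert(mail) on a host with a local MTA
```

Two practical notes: batch alerts into one digest rather than one email per line, or a port scan will flood the admin's inbox and the real alert will be missed; and keep the threshold on SNORT's priority rather than on the message text, since the priority is set by the rule's `classtype` (or an explicit `priority:` keyword) and stays stable as rule messages change.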


Learning Partner
Infosec Learning
Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature-rich information technology training and skill assessment service via an advanced, cloud-based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.