Signature Detection and Alerting an Admin Lab

Infosec Learning
Virtual Lab


Time: 1 hour 30 minutes
Difficulty: Intermediate

Overview

As stated in the IDS and Syslog lab, “Traffic flow fingerprints can be defined using layer-specific header field values and/or content derived from data. These fingerprints are known as signatures and can be defined through SNORT rules and stored in files called rulesets.” In this lab, we will create SNORT rules used to detect traffic flows. Because this is an IDS, it does not stop the attack from going through; it is designed to alert on the presence of significant threats. We will also demonstrate how an IDS can alert a sysadmin via email when a significant threat is detected.