Snort deployed in the dmz network, Computer Networking

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png

Posted Date: 2/16/2013 4:44:43 AM | Location : United States







Related Discussions:- Snort deployed in the dmz network, Assignment Help, Ask Question on Snort deployed in the dmz network, Get Answer, Expert's Help, Snort deployed in the dmz network Discussions

Write discussion on Snort deployed in the dmz network
Your posts are moderated
Related Questions
Illustrate the working of networking Bus Topology All stations attach, by appropriate hardware interfacing called as a tap, directly to a linear transmission medium, or bus. F


Q. Define the Network Security? The Internet and Web technology presents enormous promise for e-commerce. Web now is used to handle important business assets that became the

Design a Logical LAN Topology Step: Design an IP addressing scheme. Given the IP address block of 192.168.7.0 /24, design an IP addressing scheme that states the following r

As a system administrator, you require to debug igrp but are worried that the "debug IP igrp transaction" command will flood the console. What is the command that you should use?

Q. What are the Routing Techniques? Routing Routing Techniques Static versus Dynamic Routing Routing Table for classful Addressing Routing Table for Cl

Connection Oriented Multiplexing And De multiplexing TCP socketĀ  identified by 4 tuple: a.Source IP address b.Source port number c.Destination IP address d.Destina

Error Detection- Check Sum The Checksum generator are subdivides the data unit into equal segments of "n" bits (usually 16) These segments are added utilizing one's c

Introduction of DNS While discussing about the Internet, one things comes automatically in the n=mind and hence it is directly or indirectly depended on DNS. The DNS which sta

What is a Management Information Base (MIB)? A Management Information Base is part of each SNMP-managed device. Every SNMP agent has the MIB database that having information ab