Snort deployed in the dmz network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png


Related Discussions:- Snort deployed in the dmz network

What is ring topology, What is Ring Topology? The physical ring topolog...

What is Ring Topology? The physical ring topology is a circular loop of point-to-point links. Every device connects directly to the ring or indirectly by and interface device o

Illustrate about rsa encryption, Q. Illustrate about RSA Encryption? R...

Q. Illustrate about RSA Encryption? RSA Encryption - Public key encryption technique - Encryption steps: - Encode data to be encrypted as a number to create the pla

Explain categorization according to pipeline configuration, Categorization ...

Categorization according to pipeline configuration According to the configuration of a pipeline, the below categories are recognized under this classification: Unifunct

Explain the term- gateway, What is the Gateway A Gateway is a device li...

What is the Gateway A Gateway is a device like a mini or microcomputer capable of operating on a standalone basis but which also gives connection for communication with the oth

Vector-distance algorithm, Vector-Distance algorithm illustrated in more d...

Vector-Distance algorithm illustrated in more detail below: Packet switches wait for next update message and they goes by entries in packet. If entry has least path to destinat

Explain ethernet frame, Explain Ethernet Frame. The heart of Ethernet s...

Explain Ethernet Frame. The heart of Ethernet system is the Ethernet Frame, which is used to deliver information among the computers. The frame having of a set of bits organize

Name the default lmi type, Cisco is the defaul LMI type. There are thre...

Cisco is the defaul LMI type. There are three types of LMI standards:  ANSI - Annex D defined by ANSI standard T1.617  ITU-T (Q.933A) - Annex A defined by Q933A  Cisco

Error correcting code - hamming code, Error Correcting Code - Hamming Code:...

Error Correcting Code - Hamming Code: Hamming code is the one of the error-correcting code named after its inventor. Because of the simplicity of the hamming code, it can dete

Describe about the noiseless channel, Describe about the noiseless channel ...

Describe about the noiseless channel A noiseless channel can transmit an arbitrarily large amount of information, no matter how frequently it is sampled. Just send a lot of dat

Problem with broadcasting, PROBLEM WITH BROADCASTING: There are some i...

PROBLEM WITH BROADCASTING: There are some issues with the broadcast. For each broadcast frame on the network every computer uses computational sources and places the data into

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd