Snort deployed in the dmz network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png


Related Discussions:- Snort deployed in the dmz network

Explain tree interconnection network, Tree interconnection network:   In tr...

Tree interconnection network:   In tree interconnection network, processors are organised in a complete binary tree pattern. Figure: Tree interconnection network

Network management assignment, One of the key roles of a System/Network Adm...

One of the key roles of a System/Network Administrator is to monitor log files. This usually requires helper scripts (i.e. Perl programs) so a summary of large log files can be qui

Compare Intranet with Internet and LAN, Intranet vs Internet vs LAN It...

Intranet vs Internet vs LAN It is certainly possible that both Intranets and the Internet can coexist. As spelt theoretically, the entire Intranet could be located at a remote

Show the use of flow control, Q. Show the Use of flow control? Flow co...

Q. Show the Use of flow control? Flow control denotes to a set of procedures used to restrict the amount of data that the sender can send before waiting for Error Control

What is bandwidth, Question 1 What is bandwidth?                         >...

Question 1 What is bandwidth?                         >>What is the bandwidth of                            a) Telephone signal                            b) Commercial radio broa

Explain stop--and--wait automatic repeat request, Q. Explain Stop--and--Wai...

Q. Explain Stop--and--Wait automatic repeat request? 1. Numbering frames prevents the retaining off duplicate frames. 2. Numbered acknowledgement are needed in case of delay

Access networks and physical media - computer network, Access Networks and ...

Access Networks and Physical Media Access  networks  are the  physical  links(S) that connect  an end  systems to its edge  router. Which  is the  first router on a path  fr

Explain fully connected interconnection networks, Fully connected : It is t...

Fully connected : It is the most powerful interconnection topology.  In this every node is directly associated to all other nodes. The limitation of this network is that it needs t

Types of ends in wan, There are two types of ends in WAN (1)DTE (DATA TE...

There are two types of ends in WAN (1)DTE (DATA TERMINAL EQUIPMENT) (2)DCE(DATA COMMUNICATION EQUIPMENT)

Tcp connections - transport layer, TCP Connections TCP  is an end to e...

TCP Connections TCP  is an end to end point to point  transport  used in internet. being a point  to point  protocols  means that  there is always  s single  sender  a single

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd