User Account

All Pages

Snort deployed in the dmz network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png

Related Discussions:- Snort deployed in the dmz network

Describe the main factors of switching delay, Describe the main factors of ...

Describe the main factors of switching delay No. The speed of propagation is 200,000 km/sec or 200 meters/µsec. In 10 µsec signal travels 2 km. Therefore, each switch adds equi

Options - transport layer, Options The options  fields may be  used to...

Options The options  fields may be  used to  provide  other functions that are not  covered by  the header. If the length  of the  options  field is not  a multiple of 32 bits

What is egp, What is EGP (Exterior Gateway Protocol)? It is the protoco...

What is EGP (Exterior Gateway Protocol)? It is the protocol the routers in neighboring autonomous systems use to recognize the set of networks that can be reached within or by

Multiple activity charts, A multiple activity chart records the related ...

A multiple activity chart records the related sequence of activities of more than one subject, men and / or machine on a common time scale showing the relationship between

Distinguish between udp and tcp, Question: (a) Distinguish between UDP ...

Question: (a) Distinguish between UDP and TCP. (b) You have been asked to design and implement a chat application for a university. Which protocol could you used TCP or UDP

Subscriber database - computer network, Subscriber Database Core ne...

Subscriber Database Core network  also hosts  the subscribers  database ( for e, g HLR in GSM systems). Subscriber  database  is accessed by core  network  nodes fro  funct

Sap is used by the cisco ios for which encapsulation types, "SAP" is used b...

"SAP" is used by the Cisco IOS for which encapsulation types? Ans) Three types:- Ethernet_802.2 Token-Ring FDDI_802.2

Describe ethernet, Describe Ethernet. Ethernet is one of the well-liked...

Describe Ethernet. Ethernet is one of the well-liked networking technologies used these days. It was developed during the early 1970s and is based on specifications as stated i

State the software requirement for an intranet, State the Software requir...

State the Software requirement for an intranet To develop an Intranet the first we should design a Client /Server model for our network. As you know clients are the computers

Differentiate between web and web page, Differentiate between Web and Web...

Differentiate between Web and Web Page Web or Net The World Wide Web (a server) consisting of a hypermedia system (linking sounds, text, pictures, video) that the com

Write Your Message!

Captcha
Order Assignment

Featured Services

Order Now

Popular Subjects

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd