User Account

All Pages

Snort deployed in the dmz network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png

Related Discussions:- Snort deployed in the dmz network

System - network administrator, The program must be well documented which i...

The program must be well documented which includes meaningful variable and subroutine names ("self documenting code") along with comments in the code. The following block of code w

What are the main differences between ripv1 and ripv2, 1.  What does RIP st...

1.  What does RIP stand for? 2.  What metric does RIP use for Path Selection? 3.  If the metric used by RIP exceeds this value for a route it is considered unreachable, effec

Parts count method calculation, M E T HOD OF CALCULATION It involves...

M E T HOD OF CALCULATION It involves counting the number of each part type and multiplying with the generic failure rate of each part. On summing up the product, we obtain t

Design the user interface for mode switching, Design the user interface for...

Design the user interface for mode switching and data entry any way that you like. For example, to switch an application from transmit mode to receive mode, you can give it special

Combinational circuit for sorting the string, Every input line of the combi...

Every input line of the combinational circuit represents an individual element of the string say xi and every output line results in the form of a sorted list. In order to attain t

Bens network, Bens Network  Ben's network is a non-blocking network. ...

Bens Network  Ben's network is a non-blocking network.  It is a different  type of Clos network where initial and final stage consists of  2×2 switches (for n input  and m ou

What is round trip time, What is Round Trip Time? The duration of time ...

What is Round Trip Time? The duration of time it takes to send a message from one end of a network to the other and back, is known as RTT.

Show the go-back- N - control variables, Q. Show the Go-back-N - Control Va...

Q. Show the Go-back-N - Control Variables? - S- holds the series number of the recently sent frame - SF - holds sequence number of the first frame in the window - SL - ho

What is telnet, What is Telnet It is a protocol or set of rules that us...

What is Telnet It is a protocol or set of rules that uses to connect one computer to another computer in network. It is also called as a remote login. The telnet operates on cl

What is meant by symmentric multiprocessing (smp), It treats all processors...

It treats all processors as equivalent. Any processor can do the work of any other processor. Applications are separated into threads that can run simultaneously on any available p

Write Your Message!

Captcha
Order Assignment

Featured Services

Order Now

Popular Subjects

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd