User Account

All Pages

Snort deployed in the dmz network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png

Related Discussions:- Snort deployed in the dmz network

Dotted decimal notation, Dotted decimal representation is a syntactic form ...

Dotted decimal representation is a syntactic form the IP software uses to express 32-bit binary numbers when communicating with humans. Dotted decimal presents every octet in decim

Describe network security and internetworking security, Q. Describe Network...

Q. Describe Network security and Internetworking security? Network Security - Layers 5-7 - Securing the localized private domain. Network Administration, File Permissions

Subletting, Ask Design private subnetworks (using Class A range for CIDR) f...

Ask Design private subnetworks (using Class A range for CIDR) for each domain as in the table below, and complete the table. Hints: Consider how many network bits are required to a

Explain the term - primary memory and hard disk, Explain the term - primary...

Explain the term - primary memory and hard disk A peculiar situation arises when the existing server arrives at a stage when it cannot handle the requests quickly and most of i

Determine 802.11a OFDM, 802.11a OFDM a) Orthogonal frequency-division m...

802.11a OFDM a) Orthogonal frequency-division multiplexing utilizing a 5-GHz band b) Same as FDM except all sub bands are used by only one source at a given time c)  Secu

Explain the get and set snmp operations, Question 1 Explain the basic comm...

Question 1 Explain the basic communication model with its block diagram Question 2 List and explain the functions of network monitoring Question 3 Explain the get and se

What is dhcp, What is DHCP? DHCP is short for Dynamic Host Configuratio...

What is DHCP? DHCP is short for Dynamic Host Configuration Protocol. Its major task is to automatically assign an IP address to devices across the network. It first checks for

Networking concepts and applications, iLab 2: Office Network Expansion ...

iLab 2: Office Network Expansion Connect to the iLab here. Submit your assignment to the Dropbox located on the silver tab at the top of this page. (See "Due Da

synchronization principles of parallel programming , In multiprocessing, v...

In multiprocessing, various processors have to to communicate with each other. Therefore, synchronisation is needed between them. The correctness and performance of parallel execut

Division of the address space, The IP class procedure does not split the 32...

The IP class procedure does not split the 32-bit address space into same size class and the classes do not have the same value of networks. A prefix of n bits gives 2n unique ne

Write Your Message!

Captcha
Order Assignment

Featured Services

Order Now

Popular Subjects

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd