Snort deployed in the DMZ network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

[Figure: the Snort rule that packet P matches (image not reproduced here)]

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote-to-local (R2L) attack against a Web Server running the "Phf" CGI script. The Phf script has a vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server; such commands will be written as:

[Figure: form of the injected command (image not reproduced here)]

Attackers can launch this attack from any PC connected to the Internet, and the target system can be any Apache web server that permits access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside the DMZ) is an Apache web server that permits Phf scripts, and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort first needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule that lets Snort log UDP traffic from any IP address and any port going to computers on the Internal Network, specified with the Class C IP range 195.4.13.0/24.
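Added here as an illustration, not part of the assignment or of Snort itself: a small Python matcher that applies the two kinds of rule the questions above ask for (an alert rule for Phf CGI requests to the Web Server at 195.4.12.5, and a log rule for UDP traffic to 195.4.13.0/24) to constructed packets, showing how the header fields and the content/nocase/msg options decide whether a packet hits. Everything except the two addresses from the question is assumed: the packet addresses and payloads are constructed, and real Snort supports many more options and its own rule ordering.

```python
import ipaddress
import re
# Constructed rules for Figure 1 (195.4.12.5 = Web Server, 195.4.13.0/24 = Internal Network, from the question)
PHF_RULE = 'alert tcp any any -> 195.4.12.5 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase;)'
UDP_LOG_RULE = 'log udp any any -> 195.4.13.0/24 any (msg:"UDP to Internal Network";)'

# header: action proto src sport -> dst dport (options); only the "->" direction is handled
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')

def parse_rule(text):
    """Split a Snort rule into its header fields plus a dict of its options."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {}
    for opt in filter(None, (o.strip() for o in opts.split(';'))):
        key, _, val = opt.partition(':')        # flag options such as "nocase" have no value
        options[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": options}

def _endpoint_ok(addr_spec, port_spec, ip, port):
    # address: "any", one host, or a CIDR range such as 195.4.13.0/24; port: "any" or a number
    addr_ok = addr_spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(addr_spec, strict=False)
    return addr_ok and (port_spec == "any" or int(port_spec) == port)

def matches(rule, pkt):
    """True when the packet satisfies the rule header and, if present, its content option."""
    if rule["proto"] != pkt["proto"]:
        return False
    if not (_endpoint_ok(rule["src"], rule["sport"], pkt["src"], pkt["sport"])
            and _endpoint_ok(rule["dst"], rule["dport"], pkt["dst"], pkt["dport"])):
        return False
    content = rule["opts"].get("content")
    if content is None:                         # header-only rule, e.g. a log rule
        return True
    if "nocase" in rule["opts"]:                # case-insensitive payload search
        return content.lower() in pkt["payload"].lower()
    return content in pkt["payload"]

def evaluate(rules, pkt):
    # (action, msg) for every rule the packet hits, in rule order
    return [(r["action"], r["opts"].get("msg")) for r in rules if matches(r, pkt)]

# Constructed packets: a Phf CGI request to the Web Server, and a UDP datagram to the Internal Network
PHF_PKT = {"proto": "tcp", "src": "203.0.113.7", "sport": 40001, "dst": "195.4.12.5",
           "dport": 80, "payload": "GET /cgi-bin/Phf?Qname=test HTTP/1.0\r\n"}
UDP_PKT = {"proto": "udp", "src": "198.51.100.9", "sport": 5353, "dst": "195.4.13.77",
           "dport": 53, "payload": ""}
```

Running `evaluate([parse_rule(PHF_RULE), parse_rule(UDP_LOG_RULE)], PHF_PKT)` yields the alert hit with its msg text, which is the notice the Security Administrator would see; the same packet sent to a different host, or with a payload that lacks the content string, hits nothing.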

Explain the meaning of the following Snort rule.

[Figure: the Snort rule to be explained (image not reproduced here)]
