Snort deployed in the dmz network, Computer Networking

Assignment Help:

Let's consider the network shown in Figure 1 where Snort is deployed.

In Figure 1, why is Snort deployed in the DMZ instead of the Internal Network?

In Figure 1, say True or False to the following statement: "Snort can see both incoming packets from the left firewall and outgoing packets from the right firewall".

In Figure 1, assume a packet P matches the following Snort rule when the packet is analyzed by Snort.

1336_Compute the hash - part of the packet.png

Is packet P a TCP packet or a UDP packet?

Is packet P an incoming packet or an outgoing packet?

What is the source IP address contained in the header of packet P?

What is the destination IP address contained in the header of packet P?

Who is the receiver program of this packet?

The payload of packet P must contain four specific bytes. What are the four specific bytes?

Since packet P matches the rule, an alert will be raised and the Security Administrator will receive a notice (message) from Snort. What will the notice say to the administrator?

A Phf attack is a remote to local (R2L) attack against the Web Server running the "Phf" CGI script. Phf script has vulnerability that, when exploited, allows remote users to execute arbitrary commands on the Web Server and such commands will be written as:

368_Snort deployed in the DMZ Network.png


Attackers can launch this attack from any PC connected to the Internet, and the target system can be any apache web servers that permit access to the Phf script. Let's assume that the Web Server shown in Figure 1 (inside DMZ) is an apache web server that permits Phf scripts and let's assume the IP address of the Web Server is 195.4.12.5. Please give a concrete Snort rule that can detect Phf attacks against the Web Server.

To be able to detect attack packets, Snort firstly needs to log the corresponding traffic. For this purpose, the Snort administrator will need to set up several log rules. Please give a log rule to let Snort log UDP traffic from any IP address with any port going to computers on the Internal Network specified with a Class C IP range 195.4.13.0/24.

Explain the meaning of the following Snort rule.

1217_Snort deployed in the DMZ Network1.png


Related Discussions:- Snort deployed in the dmz network

Prepare network schema of a company, Your Case Study must be based on the i...

Your Case Study must be based on the information provided. There will be no additional information. This must be submitted in a .doc, or .pdf format. If you send a few paragraphs i

Why it is essential to have layering in a network, Q. Why it is essential t...

Q. Why it is essential to have layering in a network? Ans: A computer network is a very complicated system. It becomes very hard to implement as a single entity. The layered ap

Explain the routing table of solaris system, Question 1 Write a note on a)...

Question 1 Write a note on a) Internet layer b) strict source routing Question 2 Explain the routing table of Solaris system Question 3 Explain following concepts a) MIM

Computer networks - fundamentals of networks , Computer Networks A com...

Computer Networks A computer  networks  can be defined as set of computer that  interact  among  the individual  computers sharing  resources or information. Reference models

Mention different categories of computer networks, Mention different catego...

Mention different categories of computer networks (on the basis of scale) and distinguish one from the other. Local Area Network (LAN): Metropolitan Area Network (MAN): W

What do you mean by openMP, Q. What do you mean by OpenMP? OpenMP is a ...

Q. What do you mean by OpenMP? OpenMP is a compiler directive based standard developed in late 1990s together by a group of main computer software and hardware vendors. It is p

Compute the hash - part of the packet, In this question, we study Nested ES...

In this question, we study Nested ESP in AH, that is, we combine ESP with AH. Let's look at the site-to-site VPN scenario shown again in Figure 1. Let's assume that Alice's desktop

Network, What are the main features of TCP connections? Why is it said that...

What are the main features of TCP connections? Why is it said that TCP provides full-duplex service?

What is star topology, What is Star topology Each station is directly c...

What is Star topology Each station is directly connected to a common central node. Typically, each station attaches to a central node via two point-to-point links, one for tran

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd