Snort Assignment

 
INFA 630–Lab #3
Lab Assignment #3
Our third and final lab assignment builds on the “unacceptable site” detection we worked on in
assignment #2. In this lab we will attempt to accomplish the same goal using the new reputation
preprocessor in Snort. The documentation on the reputation preprocessor and the available
configuration options are in section 2.2.19 (starting on p. 119) of the Snort Manual, which is
posted under General Information under Course Content for your reference. The basic function
of the reputation preprocessor is similar in many ways to basic firewall operation: the
preprocessor evaluates source and destination IP addresses in network packets to see if they
appear on either a “whitelist” of approved/acceptable addresses or a “blacklist” of prohibited
addresses. Packets containing IP addresses on the blacklist are dropped. The overall intent for
this assignment is to block access to the “bad” site you selected for Lab #2 by adding the site to a
blacklist and enabling the reputation preprocessor in snort.conf.
To complete this assignment successfully, you will need to first edit the snort.conf file as
follows:
• At the end of Step #1, either set the path to the reputation preprocessor file location or
comment out these two lines (you can declare the blacklist file directly in the
preprocessor configuration settings if you don’t want to use a variable reference).
• At the end of Step #5, configure the reputation preprocessor. Look at the first
configuration example on page 119 of the Snort Manual as a guide, which simply
includes the preprocessor declaration and the specification of the blacklist and whitelist
files. You can run the preprocessor with either or both of these files, so for our purposes
you might just specify a blacklist file. The configuration could be as simple as:
“preprocessor reputation: blacklist /etc/snort/black.list”
• Save the snort.conf file.
Now, create a blacklist file and put it in the proper directory (such as /etc/snort/rules on Linux or
C:\Snort\etc\rules on Windows). A blacklist file is just a plain text file with one IP address (or
address range, using CIDR notation) per line. The blacklist file name and file location should of
course match what you specified in the preprocessor configuration in snort.conf. Then start up
Snort as you would normally, open a browser, and visit the site corresponding to the IP
address(es) in the blacklist file.
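Before starting Snort, it helps to confirm that every line of the blacklist file parses as an IP address or CIDR range and that the list covers every address the site resolves to. The following is an added example, not part of the original assignment or of Snort itself: the sample blacklist and site addresses are constructed from documentation ranges, the function names are hypothetical, and treating "#" as a comment marker is an assumption about the file format.

```python
import ipaddress

# Constructed sample blacklist (documentation-range addresses, not a real site).
SAMPLE_BLACKLIST = """\
# lab 3 blacklist (constructed sample)
192.0.2.10
198.51.100.0/24   # whole range used by the site
203.0.113.5/33
not-an-address
"""


def parse_blacklist(text):
    """Return (networks, errors) for a one-entry-per-line IP/CIDR list."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue
        try:
            # strict=False also accepts entries with host bits set (198.51.100.7/24).
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return networks, errors


def uncovered(addresses, networks):
    """Return the addresses that no blacklist entry matches."""
    missing = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == net.version and ip in net for net in networks):
            missing.append(addr)
    return missing


if __name__ == "__main__":
    nets, errs = parse_blacklist(SAMPLE_BLACKLIST)
    for lineno, entry, msg in errs:
        print(f"line {lineno}: bad entry {entry!r}: {msg}")
    # Constructed list of addresses the site resolved to (from ping or Netcraft).
    site_ips = ["192.0.2.10", "198.51.100.77", "203.0.113.5"]
    print("not blocked:", uncovered(site_ips, nets))
```

In the sample, the mistyped /33 prefix leaves 203.0.113.5 unblocked, which is the kind of gap that otherwise only shows up when the site still loads in the browser.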
For this assignment, compose a short writeup for submission to your Assignments folder that
includes the following:
1. The “unacceptable” site you selected in Lab #2 (you can pick a new one for this assignment if you prefer).
2. The IP address (individual, multiple, or a range) associated with that site. If you don’t know the IP address, you can either open a command shell and ping the site (e.g. “ping
www.facebook.com”), which will return the primary IP address on screen, or you can
look up the site on Netcraft.com to find one or more IP addresses used by the site.
http://www.netcraft.com/
3. The contents of the blacklist file the reputation preprocessor references.
4. A brief summary comparing the rule-based and preprocessor-based approaches used in
Lab #2 and #3, with an emphasis on identifying any strengths or weaknesses associated
with each approach.
5. If you are able to get Snort to run successfully with the reputation preprocessor active, include the output produced (a copy of the ASCII log file is sufficient).
As in Lab Assignment #2, the successful completion of this exercise does not require you to use
an actual inappropriate site. The primary purpose of this exercise is not to make you an expert in
the reputation preprocessor, but to illustrate the point that there are often multiple viable
approaches to accomplishing the same intrusion detection objectives.
