From the course: Protecting Your Network with Open-Source Software
Snort as an IDS: Establishing rules
- [Instructor] Let's run Snort as an intrusion detection system. Before we put Snort in its intrusion detection mode, we have to do some prep work. First, we'll introduce a new Snort rule by creating a file. Let's go to /etc/snort/rules/ by typing cd /etc/snort/rules/. Press Enter. We'll create a rule file called my.rules. Type sudo nano my.rules. Press Enter. The new rule we are creating will detect any ping attempts to the interface we want to monitor. Type alert, meaning, whenever there is a ping attempt, send an alert. Space. The next thing to type is a protocol to detect. Ping uses the Internet Control Message Protocol, or ICMP. Therefore, type icmp. We don't care where the ping message is coming from. It could be any IP address or any port number. That's why we type any any in terms of where the packet is coming from. Type -> to indicate the destination. We want to detect every ICMP message. Therefore, the destination IP and the destination port number are any and any too. Next,…
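One way to sanity-check a rules file such as my.rules before handing it to Snort, as an added example that is not part of the course: it parses the header the lesson builds (action, protocol, source address/port, direction, destination address/port) and the option block. The msg/sid options and the sample rule lines are assumptions, since the transcript is cut off before the options are typed.

```python
# Added example (not from the course): parse and sanity-check lines of a Snort
# rules file. The header format is the one the lesson builds; the msg/sid
# options in the constructed sample are an assumption.
import re

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
HEADER_RE = re.compile(
    r"^\s*(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)

def parse_rule(line):
    """Return header fields plus an 'options' dict, or raise ValueError."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("expected '<action> <proto> <src> <sport> <dir> <dst> <dport> (...)'")
    rule = m.groupdict()
    if rule["action"] not in ACTIONS:
        raise ValueError(f"unknown action {rule['action']!r}")
    if rule["proto"] not in PROTOCOLS:
        raise ValueError(f"unknown protocol {rule['proto']!r}")
    opts = {}
    for item in rule.pop("opts").split(";"):  # options are 'key:value;' pairs
        item = item.strip()
        if item:
            key, _, value = item.partition(":")
            opts[key.strip()] = value.strip().strip('"')
    if "sid" not in opts:
        raise ValueError("rule has no sid; Snort needs one to identify the alert")
    rule["options"] = opts
    return rule

def load_rules(text):
    """Parse every non-comment line; return (parsed_rules, [(line_no, error)])."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                rules.append(parse_rule(line))
            except ValueError as e:
                errors.append((n, str(e)))
    return rules, errors

# Constructed sample my.rules: the lesson's ICMP rule plus two deliberately broken lines.
SAMPLE_RULES = """\
alert icmp any any -> any any (msg:"ICMP ping detected"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"no sid";)
alrt tcp any any -> any 22 (msg:"typo in action"; sid:1000002;)
"""
```

Running `load_rules(SAMPLE_RULES)` returns the one well-formed ICMP rule and reports the missing sid on line 2 and the misspelled action on line 3, which is the kind of mistake Snort would otherwise reject at startup.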
Contents
- What is an IDS? (3m 36s)
- Introducing Snort (3m 25s)
- Snort as a packet sniffer (4m 13s)
- Snort as an IDS: Establishing rules (4m 34s)
- Snort as an IDS: Detecting pings (2m 36s)
- What is a network vulnerability assessment? (3m 12s)
- Nessus (1m 23s)
- Network scanning with Nessus (2m 30s)