Abstract image of a woman sitting on books and studying on a laptop

Snort alert signatures

Deris Stiawan, profile picture
Deris Stiawan

This document discusses network scanning and analysis tools. It describes using Nmap and Nikto to scan networks and web servers to find vulnerabilities. It also discusses using TCPdump and tshark to sniff network traffic. The main analysis tool discussed is Snort, which can analyze packets and recognize threats based on signatures in the Snort.conf file. Examples of signatures for threats like Code Red, Nimda, and directory traversal are provided.

Internet
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[Sharing Knowledge] SNORT : Analyzing and Signatures Deris Stiawan Ph.D Candidate Faculty of Computer Science & Information System Universiti Teknolgi Malaysia 2012
1st run : Scanning • Scanning tools with NMAP – NMAP : powerful network scanning – To find information detailed – To find vulnerability from port / daemon / application active run – Mapping of network • Command : – nmap –v ip target – nmap –v –Sv – nmap -v -O -sF
Snort alert signatures
• Scanning tools with NIKTO – NIKTO: powerful web scanner – Testing IIS / Apache running on web server in target – Checks your CGI vulnerabilities
Snort alert signatures
2nd : Sniffing • Sniffing data – TCPdump / tshark
Snort alert signatures
3rd : Analyzing • Analyzed and recognized threat with Snort – Analyzing from packet – Snort.conf
Snort alert signatures
Snort alert signatures
Snort alert signatures
Snort alert signatures
Snort alert signatures
Snort alert signatures
Snort alert signatures
Codered Footprint
Snort alert signatures
Snort alert signatures
Nimda Footprint
Directory Traversal Footprint
Pervasive Computing Research Group Faculty of Computer Science & Information System Universiti Teknologi Malaysia Prof. Dr. Abdul Hanan Abdullah Deris Stiawan

More Related Content

PDF
Wireshark
Deris Stiawan
 
PDF
Scanning & Penetration Testing
Deris Stiawan
 
PDF
The Challenges, Gaps and Future Trends: Network Security
Deris Stiawan
 
PPTX
Network forensic
Manjushree Mashal
 
PPTX
Vulnerability and Penetration Testing
Jeffery Brown
 
PPTX
Network packet analysis -capture and Analysis
Manjushree Mashal
 
PDF
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
PPTX
Network sniffers & injection tools
vishalgohel12195
 
Wireshark
Deris Stiawan
 
Scanning & Penetration Testing
Deris Stiawan
 
The Challenges, Gaps and Future Trends: Network Security
Deris Stiawan
 
Network forensic
Manjushree Mashal
 
Vulnerability and Penetration Testing
Jeffery Brown
 
Network packet analysis -capture and Analysis
Manjushree Mashal
 
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Network sniffers & injection tools
vishalgohel12195
 

What's hot (20)

PDF
Wired and Wireless Network Forensics
Savvius, Inc
 
PPTX
Wireshark network analysing software
dharmesh nakum
 
PPTX
Open source network forensics and advanced pcap analysis
GTKlondike
 
PDF
Network Forensic Tools & Techniques Workshop
Priyanka Aash
 
PPTX
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
PDF
Ch 07 -- The Expert System
Yoram Orzach
 
PPTX
Network based file carving
GTKlondike
 
PPT
Network forensics1
Santosh Khadsare
 
PPTX
Forensic Analysis - Empower Tech Days 2013
Islam Azeddine Mennouchi
 
PPTX
Network traffic analysis with cyber security
KAMALI PRIYA P
 
PPTX
Wireshark
lakshya dubey
 
PPTX
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
PPT
Wireshark Inroduction Li In
mhaviv
 
PDF
Network forensics
ArthyR3
 
PDF
Network Analysis Using Wireshark 1
Yoram Orzach
 
PPTX
Firewall Design and Implementation
ajeet singh
 
PPT
Introduction to computer security syllabus
Ayebazibwe Kenneth
 
PPTX
Network Forensics Intro
Jake K.
 
PDF
Wireshark - Basics
Yoram Orzach
 
PDF
Co se skrývá v datovém provozu? - Pavel Minařík
Security Session
 
Wired and Wireless Network Forensics
Savvius, Inc
 
Wireshark network analysing software
dharmesh nakum
 
Open source network forensics and advanced pcap analysis
GTKlondike
 
Network Forensic Tools & Techniques Workshop
Priyanka Aash
 
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
Ch 07 -- The Expert System
Yoram Orzach
 
Network based file carving
GTKlondike
 
Network forensics1
Santosh Khadsare
 
Forensic Analysis - Empower Tech Days 2013
Islam Azeddine Mennouchi
 
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Wireshark
lakshya dubey
 
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Wireshark Inroduction Li In
mhaviv
 
Network forensics
ArthyR3
 
Network Analysis Using Wireshark 1
Yoram Orzach
 
Firewall Design and Implementation
ajeet singh
 
Introduction to computer security syllabus
Ayebazibwe Kenneth
 
Network Forensics Intro
Jake K.
 
Wireshark - Basics
Yoram Orzach
 
Co se skrývá v datovém provozu? - Pavel Minařík
Security Session
 
Ad

Viewers also liked (7)

PPTX
How to Predict, Detect and Protect Against Mobile Cyber Attacks
Skycure
 
PDF
What we can learn from CDNs about Web Development, Deployment, and Performance
Fastly
 
PPTX
Aneesh, Capillary Founder On Staying Fit And Running (A Startup)
NextBigWhat
 
PDF
IDS / IPS Survey
Deris Stiawan
 
PDF
Intrusion Detection/ Prevention
Deris Stiawan
 
PDF
ICT for fighting Corruption
Deris Stiawan
 
PDF
Perancangan Sistem Load Balancing Pada Web Server Dengan Algoritma Central Ma...
Deris Stiawan
 
How to Predict, Detect and Protect Against Mobile Cyber Attacks
Skycure
 
What we can learn from CDNs about Web Development, Deployment, and Performance
Fastly
 
Aneesh, Capillary Founder On Staying Fit And Running (A Startup)
NextBigWhat
 
IDS / IPS Survey
Deris Stiawan
 
Intrusion Detection/ Prevention
Deris Stiawan
 
ICT for fighting Corruption
Deris Stiawan
 
Perancangan Sistem Load Balancing Pada Web Server Dengan Algoritma Central Ma...
Deris Stiawan
 
Ad

More from Deris Stiawan (11)

PPTX
Sistem Deteksi Kegagalan pada Jaringan IoT dengan Menggunakan Metode Naive Ba...
Deris Stiawan
 
PPTX
Strategi [Memulai] Riset Tugas Akhir Bidang Ilmu (Teknik) Komputer
Deris Stiawan
 
PDF
IoT : Peluang Riset di Bidang Kesehatan
Deris Stiawan
 
PDF
Klasifikasi Malware Trojan Ransomware Dengan Algoritma Support Vector Machine...
Deris Stiawan
 
PDF
Deteksi Serangan Black Hole dengan Metode Bayesian pada Mobile Ad Hoc Network
Deris Stiawan
 
PDF
Deteksi Serangan Denial of Service Menggunakan Artificial Imune System
Deris Stiawan
 
PDF
Identifikasi Trafik Terenkripsi dengan Deep Packet Inspection
Deris Stiawan
 
PDF
Trend Internet of Things
Deris Stiawan
 
PDF
Network Attack and Intrusion Prevention System
Deris Stiawan
 
PDF
Konsentrasi riset jaringan komputer
Deris Stiawan
 
PDF
Trend & challenges Internet of Things
Deris Stiawan
 
Sistem Deteksi Kegagalan pada Jaringan IoT dengan Menggunakan Metode Naive Ba...
Deris Stiawan
 
Strategi [Memulai] Riset Tugas Akhir Bidang Ilmu (Teknik) Komputer
Deris Stiawan
 
IoT : Peluang Riset di Bidang Kesehatan
Deris Stiawan
 
Klasifikasi Malware Trojan Ransomware Dengan Algoritma Support Vector Machine...
Deris Stiawan
 
Deteksi Serangan Black Hole dengan Metode Bayesian pada Mobile Ad Hoc Network
Deris Stiawan
 
Deteksi Serangan Denial of Service Menggunakan Artificial Imune System
Deris Stiawan
 
Identifikasi Trafik Terenkripsi dengan Deep Packet Inspection
Deris Stiawan
 
Trend Internet of Things
Deris Stiawan
 
Network Attack and Intrusion Prevention System
Deris Stiawan
 
Konsentrasi riset jaringan komputer
Deris Stiawan
 
Trend & challenges Internet of Things
Deris Stiawan
 

Recently uploaded (20)

PPTX
The-Importance-of-School-Sanitation.pptx
shinjanmandal111
 
PPTX
Cyber Hygine IN organizations in MSME or
paramkiet
 
PPT
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
PDF
BIOCHEM CH2 OVERVIEW OF MICROBIOLOGY.pdf
tbasharababneh
 
PPTX
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
Cashmir Pangandaman
 
PPTX
curriculumandpedagogyinearlychildhoodcurriculum-171021103104 - Copy.pptx
HeneszaAvenido1
 
PDF
Understand the Gitlab_presentation_task.pdf
ruhinisiyara
 
PDF
Exploring The Internet Of Things(IOT).ppt
rakeshk19831911
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
PPT
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PPT
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
PDF
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PPTX
module 1-Part 1.pptxdddddddddddddddddddddddddddddddddddd
KevinSeelu
 
PDF
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
PPTX
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
PPTX
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PPTX
Database Information System - Management Information System
faizhossain3
 
The-Importance-of-School-Sanitation.pptx
shinjanmandal111
 
Cyber Hygine IN organizations in MSME or
paramkiet
 
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
BIOCHEM CH2 OVERVIEW OF MICROBIOLOGY.pdf
tbasharababneh
 
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
Cashmir Pangandaman
 
curriculumandpedagogyinearlychildhoodcurriculum-171021103104 - Copy.pptx
HeneszaAvenido1
 
Understand the Gitlab_presentation_task.pdf
ruhinisiyara
 
Exploring The Internet Of Things(IOT).ppt
rakeshk19831911
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
250152213-Excitation-SystemWERRT (1).ppt
woldemariamworku2
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
415456121-Jiwratrwecdtwfdsfwgdwedvwe dbwsdjsadca-EVN.ppt
woldemariamworku2
 
Course Overview and Agenda cloud security
ElsayedKowaydeh
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
module 1-Part 1.pptxdddddddddddddddddddddddddddddddddddd
KevinSeelu
 
Top 8 Trusted Sources to Buy Verified Cash App Accounts.pdf
How To Buy Verified Cash App Accounts
 
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
Database Information System - Management Information System
faizhossain3
 

Snort alert signatures

  • 1. [Sharing Knowledge] SNORT : Analyzing and Signatures Deris Stiawan Ph.D Candidate Faculty of Computer Science & Information System Universiti Teknolgi Malaysia 2012
  • 2. 1st run : Scanning • Scanning tools with NMAP – NMAP : powerful network scanning – To find information detailed – To find vulnerability from port / daemon / application active run – Mapping of network • Command : – nmap –v ip target – nmap –v –Sv – nmap -v -O -sF
  • 4. • Scanning tools with NIKTO – NIKTO: powerful web scanner – Testing IIS / Apache running on web server in target – Checks your CGI vulnerabilities
  • 6. 2nd : Sniffing • Sniffing data – TCPdump / tshark
  • 8. 3rd : Analyzing • Analyzed and recognized threat with Snort – Analyzing from packet – Snort.conf
  • 21. Pervasive Computing Research Group Faculty of Computer Science & Information System Universiti Teknologi Malaysia Prof. Dr. Abdul Hanan Abdullah Deris Stiawan