
[Solved]Case Project 8 2 Creating Snort Rule Investigating Apparent Internal Attack Company S Wind Q37231588

Case Project 8-2: Creating a Snort Rule
You have been investigating an apparent internal attack against your company’s Windows Server 2008 file servers. Suspicious packets have been captured during routine audits. You need to configure Snort to log these suspicious files. Your internal network address is 172.20.0.0 with a subnet mask of 255.240.0.0. Your file servers’ addresses are 172.20.0.12 and 172.20.0.13. Each of these file servers is running Snort as a HIDPS.

The suspicious packets have the following characteristics:

  • They have come from different systems inside your network.
  • The packets all include the word release between the 1000th and 1100th bytes.
  • The packets use TCP as their Transport layer protocol.
  • The packets appear to be trying to exploit vulnerabilities in the Windows implementation of SMB over IP.

You need to write a rule to be included in the rules directory of each server’s Snort installation. These two rules must be as specific as possible so that the system logs only the packets that meet the signature of the suspicious network activity. The logged packets should be labeled as “Possible Internal SMB over IP Attack.” You must perform research beyond the scope of this chapter to find the needed information and create the rules.
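One way to express the listed characteristics as a pair of rules, added here as an example and not taken from the original page or its source text. It assumes Snort 2.x rule syntax, that "SMB over IP" refers to direct-hosted SMB on TCP port 445, that the byte range is inclusive and counted within the TCP payload, and that the `sid` values (picked from the local-rule range) are unused on these sensors.

```snort
# Added example: local rules for the two file servers (Snort 2.x syntax).
#
# Source network: 172.20.0.0 with mask 255.240.0.0 is a /12. The network
# address of that block is 172.16.0.0, so it is written as 172.16.0.0/12.
# Source port is "any" because the packets come from different internal hosts.
#
# Destination: the file server the rule is installed on, TCP port 445
# (assumption: "SMB over IP" means direct-hosted SMB rather than NetBIOS
# session service on port 139).
#
# flow:to_server,established  - only client-to-server data on an established
#                               session; requires the stream preprocessor
#                               to be enabled (assumption).
# content:"release"           - case-sensitive by default, which keeps the
#                               match as narrow as the captured signature.
# offset:999                  - begin searching at the 1000th payload byte
#                               (offsets count from zero).
# depth:101                   - search window of 101 bytes from the offset,
#                               i.e. the 1000th through the 1100th byte; the
#                               whole pattern must fall inside this window.
# sid >= 1000000              - range reserved for locally written rules;
#                               the values below are constructed.

# Rule for the sensor running on 172.20.0.12
log tcp 172.16.0.0/12 any -> 172.20.0.12 445 (msg:"Possible Internal SMB over IP Attack"; flow:to_server,established; content:"release"; offset:999; depth:101; sid:1000001; rev:1;)

# Rule for the sensor running on 172.20.0.13
log tcp 172.16.0.0/12 any -> 172.20.0.13 445 (msg:"Possible Internal SMB over IP Attack"; flow:to_server,established; content:"release"; offset:999; depth:101; sid:1000002; rev:1;)
```

The `log` action records matching packets without generating an alert, which matches the requirement that the system only logs them.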
