From the course: Protecting Your Network with Open Source Software


Snort as an IDS: Establishing rules


- [Instructor] Let's run Snort as an intrusion detection system. Before we put Snort in its intrusion detection mode, we have to do some prep work. First, we'll introduce a new Snort rule by creating a file. Let's go to /etc/snort/rules by typing cd /etc/snort/rules/. Press Enter. We'll create our rule file called my.rules. Type sudo nano my.rules. Press Enter. The new rule we're creating will detect any ping attempts to the interface we want to monitor. Type alert, meaning whenever there is a ping attempt, send an alert. Space. The next thing to type is the protocol to detect. Ping uses the Internet Control Message Protocol, or ICMP. Therefore, type icmp, space. We don't care where the ping message is coming from. It could be any IP address or any port number. That's why we type any space any in terms of where the packet is coming from. Any, space, any, space. Type a dash and a greater than sign,…
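The rule the instructor is typing follows the fixed Snort header layout: action, protocol, source address, source port, direction operator, destination address, destination port, then an optional parenthesised options block. The parser below is an added example written for this page, not code from the course or from Snort itself. It accepts that layout, flags the mistakes a first rule most often contains (ports on an ICMP rule, a missing sid or msg, a sid in the range reserved for distributed rules), and then tests the header against sample packets so you can see what "any any" on the source side actually admits. The completed rule text, the value assigned to $HOME_NET and the packets are all constructed for illustration; the transcript stops before the destination, so the `$HOME_NET any (...)` part is an assumption.

```python
"""Parse and sanity-check Snort rule headers, then match them against sample packets.
Added example, not course material. The completed rule, the $HOME_NET value and
the packets below are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
# Stand-in for the ipvar HOME_NET setting in snort.conf (constructed value).
VARS = {"$HOME_NET": "192.168.1.0/24"}

# Header: action proto src sport dir dst dport, then an optional (options) block.
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*(?:\((?P<opts>.*)\))?\s*$",
    re.S,
)
# key; or key:value; where a quoted value may itself contain semicolons.
OPTION_RE = re.compile(r'\s*([A-Za-z_]+)\s*(?::\s*((?:"[^"]*"|[^;"])*))?\s*;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: dict


def parse_rule(text: str) -> Rule:
    """Split one rule into header fields and options (a subset of Snort syntax)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a Snort rule header: %r" % text)
    g = m.groupdict()
    if g["action"] not in ACTIONS:
        raise ValueError("unknown action %r" % g["action"])
    if g["proto"] not in PROTOCOLS:
        raise ValueError("unknown protocol %r" % g["proto"])
    options = {}
    for key, value in OPTION_RE.findall(g["opts"] or ""):
        options[key] = value.strip().strip('"') if value else True
    return Rule(g["action"], g["proto"], g["src"], g["sport"],
                g["dir"], g["dst"], g["dport"], options)


def check_rule(rule: Rule) -> list:
    """Warn about common beginner mistakes; an empty list means the rule looks sane."""
    warnings = []
    if rule.proto == "icmp" and (rule.sport != "any" or rule.dport != "any"):
        warnings.append("ICMP has no ports: use 'any' for both port fields")
    if "sid" not in rule.options:
        warnings.append("missing sid: every rule needs a unique id")
    elif str(rule.options["sid"]).isdigit() and int(rule.options["sid"]) < 1_000_000:
        warnings.append("sid below 1000000 is for distributed rules; local rules use >= 1000000")
    if "msg" not in rule.options:
        warnings.append("missing msg: alerts will carry no description")
    return warnings


def _addr_matches(spec: str, addr: str) -> bool:
    """'any' matches everything; otherwise an IP or CIDR, optionally negated with '!'."""
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(addr) in net) != negate


def _port_matches(spec: str, port) -> bool:
    """'any', a single port, or a lo:hi range; ICMP packets carry no port (None)."""
    if spec == "any":
        return True
    if port is None:
        return False
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def header_matches(rule: Rule, pkt: dict) -> bool:
    """Does the rule header select this packet? pkt has proto, src, dst and optional ports."""
    if rule.proto != "ip" and pkt["proto"] != rule.proto:
        return False

    def one_way(src, sport, dst, dport):
        return (_addr_matches(rule.src, src) and _port_matches(rule.sport, sport)
                and _addr_matches(rule.dst, dst) and _port_matches(rule.dport, dport))

    if one_way(pkt["src"], pkt.get("sport"), pkt["dst"], pkt.get("dport")):
        return True
    # '<>' is bidirectional, so also try the packet the other way round.
    return rule.direction == "<>" and one_way(pkt["dst"], pkt.get("dport"),
                                              pkt["src"], pkt.get("sport"))


# Constructed completion of the rule the instructor starts to type (destination and
# options are assumptions; the transcript ends at the direction operator).
PING_RULE = 'alert icmp any any -> $HOME_NET any (msg:"ICMP ping detected"; sid:1000001; rev:1;)'
```

Run `parse_rule(PING_RULE)` and pass the result to `check_rule` before you reload Snort: an empty warning list is what you want. Feeding constructed packets to `header_matches` makes the point of the "any any" source: a ping from any host on any port toward the monitored network is selected, while the same ping leaving the network toward an outside address is not, because the destination side is pinned to $HOME_NET.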
