Our third lab builds on the “unacceptable site” detection we worked on in Lab #2. In this exercise, we will attempt to accomplish the same goal using the new reputation preprocessor in Snort. The documentation on the reputation preprocessor and the available configuration options are in section 2.2.20 (starting on p. 122) of the Snort Manual, which is posted under General Information under Content for your reference. The basic function of the reputation preprocessor is similar in many ways to basic firewall operation: the preprocessor evaluates source and destination IP addresses in network packets to see if they appear on either a “whitelist” of approved/acceptable addresses or a “black list” of prohibited addresses. Packets containing IP addresses on the blacklist are dropped. The overall intent for this assignment is to block access to the “bad” site you selected for Lab#2 (or a different site chosen for this assignment) by adding the site to a blacklist and enabling the reputation preprocessor in snort.conf.
Please note: If you are using the Virtual Lab, the reputation preprocessor is already configured properly, and the supporting whitelist and blacklist files are stored in /etc/snort/rules. All you need to do is identify the IP address(es) to use and add them to the black.List file.
To complete this assignment successfully using Snort on Windows, you may need to first edit the “snort.conf” file as follows if you did not already configure these items when you first installed Snort:
Now, create a blacklist file and put it in the proper directory (such as /etc/snort/rules on Linux or C:Snortetcrules on Windows). A blacklist file is just a plain text file with one IP address (or address range, using CIDR notation) per line. The blacklist file name and file location should match what you specified in the preprocessor configuration in snort.conf. Then startup Snort as you would normally, open a browser, and visit the site corresponding to the IP address(es) in the blacklist file.
Vitual lab link https://umucvda.aeronomy.net/portal/webclient/index.html#/
For this assignment, compose a short write-up for submission to your Assignments folder that includes the following:
Not sure if this helps:
o to the rules folder where you downloaded the VRT certified rules during your Snort install (by default on Windows, this will be C:Snortrules). If you have not yet installed these rules, please do so. If you have any trouble downloading the current VRT rules release package, you can retrieve them from http://polaris.umuc.edu/~sgantz/files/snortrules-2982.tar.gz on my UMUC Polaris server. In the compressed (zipped) package, you are looking for the files that end in “.rules” extensions.
Pick one of the named rules files, open it, and choose a rule. If this is your first exposure to Snort rule syntax, please note that the rules are the sometimes-cryptic looking items starting with the word “alert”. Copy the rule you pick into your response and describe what the rule means in your own words.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more