implementing snort into surfids
play

Implementing Snort into SURFids Sander Keemink and Michael van Kleij - PowerPoint PPT Presentation

Sep 26, 2022 •457 likes •681 views

Implementing Snort into SURFids Implementing Snort into SURFids Sander Keemink and Michael van Kleij February 6, 2008 1 / 21 Implementing Snort into SURFids 1 SURFids 2 Snort 3 Assignment 4 Experiments and results 5 Integrating Snort 6

  1. Implementing Snort into SURFids Implementing Snort into SURFids Sander Keemink and Michael van Kleij February 6, 2008 1 / 21

  2. Implementing Snort into SURFids 1 SURFids 2 Snort 3 Assignment 4 Experiments and results 5 Integrating Snort 6 Conclusion 7 Future work 2 / 21

  3. Implementing Snort into SURFids SURFids IDS Intrusion Detection System Detects unwanted activity Host based or Network based 3 / 21

  4. Implementing Snort into SURFids SURFids SURFids 4 / 21

  5. Implementing Snort into SURFids SURFids Honeypots Nepenthes Low interaction honeypot Simulates known vulnerabilities Argos High interaction honeypot Analyses the operating system 5 / 21

  6. Implementing Snort into SURFids SURFids Nepenthes information 6 / 21

  7. Implementing Snort into SURFids SURFids Argos information 7 / 21

  8. Implementing Snort into SURFids Snort Snort Network Intrusion Detection System Rule and anomaly based 8 / 21

  9. Implementing Snort into SURFids Assignment Assignment Definition ”Which implementation of Snort into SURFids gives the most added value to the customer while not degrading performance in a noticable way.“ Research questions Added value of Snort? Where to place Snort? How can Snort output be integrated? 9 / 21

  10. Implementing Snort into SURFids Assignment Performance SURFids 3 Mbits constant 30 Mbits max peaks Snort 125 Mbits without packet loss 10 / 21

  11. Implementing Snort into SURFids Experiments and results Experiments Experiments 1 Snort before Argos 2 Snort besides Argos and Nepenthes 3 Snort on the tunnel server 11 / 21

  12. Implementing Snort into SURFids Experiments and results Experiment 1 12 / 21

  13. Implementing Snort into SURFids Experiments and results Results experiment 1 Results Over 90% of the attacks registered by Argos were detected by Snort Other attacks also recognized Timeskew, Multiple entries per attack 13 / 21

  14. Implementing Snort into SURFids Experiments and results Experiment 2 14 / 21

  15. Implementing Snort into SURFids Experiments and results Results experiment 2 Not conducted due to time and hardware limitations 15 / 21

  16. Implementing Snort into SURFids Experiments and results Experiment 3 16 / 21

  17. Implementing Snort into SURFids Experiments and results Results experiment 3 Over 90% of the attacks registered by Nepenthes were detected by Snort Identification of 10% of the possible malicious attacks 17 / 21

  18. Implementing Snort into SURFids Integrating Snort Integrating Snort Barnyard, a Snort output processor Offloads Snort Supports multiple output formats Database aware 18 / 21

  19. Implementing Snort into SURFids Integrating Snort Integrating Snort Develop a database output Parse Comma Seperated Value plugin output Shortest path Relative easy to develop IP packet payload No IP packet payload information informatioin 19 / 21

  20. Implementing Snort into SURFids Conclusion Conclusion Snort provides added value to SURFids Nepenthes possible malicious attacks can be discarded 20 / 21

  21. Implementing Snort into SURFids Future work Future work Develop a program that deals with Snort output 21 / 21

Recommend

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139 flow:to_server,established content:"|eb2f 5feb 4a5e 89fb 893e 89f2|" msg:"EXPLOIT x86 linux samba overflow" reference:bugtraq,1816

436 views • 4 slides
Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139 flow:to_server,established content:"|eb2f 5feb 4a5e 89fb 893e 89f2|" msg:"EXPLOIT x86 linux samba overflow" reference:bugtraq,1816

370 views • 8 slides
HOW LONG BEFORE PRESENTATION TAKE XANAX How Long Before Presentation Take Xanax Do you snort or

HOW LONG BEFORE PRESENTATION TAKE XANAX How Long Before Presentation Take Xanax Do you snort or

HOW LONG BEFORE PRESENTATION TAKE XANAX How Long Before Presentation Take Xanax Do you snort or eat xanax Can gp prescribe xanax Drug interactions between suboxone and xanax Kratom mixed with xanax Meet the xanax addicted yakuza 0 Is it safe

577 views • 4 slides
Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of

Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of

Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of Agder Presented at: Fifth International PrimeLife/IFIP Summer School, Nice, France 7.-11. September 2009. This work is Funded by Telenor R&I

278 views • 24 slides
An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill

An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill

An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill Yurcik David Doss Department of Applied Computer Science Illinois State University * Overview 1) the problem 2) software tool 3)

750 views • 20 slides
Intrusion Detection Cyber Security Spring 2010 Reading material Chapter 25 from Computer

Intrusion Detection Cyber Security Spring 2010 Reading material Chapter 25 from Computer

Intrusion Detection Cyber Security Spring 2010 Reading material Chapter 25 from Computer Security, Matt Bishop Snort http://snort.org Distributed IDS DShield http://dshield.org Dark address space

590 views • 21 slides
Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I didnt know I was giving this talk until yesterday. Implementing Perl 6 I could have written my slides last night, but Implementing Perl 6

537 views • 52 slides
Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt 01 Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies Communicating Scala Objects (CSO) is a library of CSP-like communication primitives for the Scala programming language,

724 views • 34 slides
Compiling PCRE to FPGA for Accelerating SNORT IDS Abhishek Mitra Walid Najjar Laxmi N Bhuyan

Compiling PCRE to FPGA for Accelerating SNORT IDS Abhishek Mitra Walid Najjar Laxmi N Bhuyan

Compiling PCRE to FPGA for Accelerating SNORT IDS Abhishek Mitra Walid Najjar Laxmi N Bhuyan QuickTime and a QuickTime and a decompressor decompressor are needed to see this picture. are needed to see this picture. Outline FPGA

316 views • 27 slides
Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in XSPEC M. D. Caballero-Garcia, M. Dovciak (ASU CAS Praha 4, Prague), A. Epitropakis (D. of Physics - U. of Crete, Heraklion) Contents 1. The

435 views • 19 slides
Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes Review: Threads 1. The process is a kernel abstraction for an independent executing program. includes at least one thread of control data also

416 views • 12 slides
Automated Translation Automated Translation Between Attack Languages Between Attack Languages

Automated Translation Automated Translation Between Attack Languages Between Attack Languages

Automated Translation Automated Translation Between Attack Languages Between Attack Languages (Translating Snort rules to STATL scenarios) (Translating Snort rules to STATL scenarios) Steven T. Eckmann Eckmann Steven T. Reliable Software

296 views • 27 slides
Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to

Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to

Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to Inform Choices and ANIRBAN BASU Improve Healthcare Delivery basua@uw.edu Monday, June 25 th @basucally Academy Health, Seattle 2018

790 views • 32 slides
Implementing a Sentient Implementing a Sentient Computing System Computing System Mike

Implementing a Sentient Implementing a Sentient Computing System Computing System Mike

Implementing a Sentient Implementing a Sentient Computing System Computing System Mike Addlesee, Rupert Curwen, Steve Hodges, Joe Newman, Pete Steggles, Andy Ward and Andy Hopper AT&T Labs, Cambridge Presented by: Kurt Partridge and Jeff

337 views • 9 slides
Complementarity of Implementing the Biological Complementarity of Implementing the Biological

Complementarity of Implementing the Biological Complementarity of Implementing the Biological

Regional Workshop on National Implementation of the Biological Weapons Convention in East Asia and the Pacific Complementarity of Implementing the Biological Complementarity of Implementing the Biological Weapons Convention and UN Security

252 views • 23 slides
Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea:

Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea:

Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea: prefixing inheritance (possibly multiple) layout of superclass is a prefix of layout of subclass + instance variable access is just a load or

218 views • 9 slides
Challenges in Implementing Challenges in Implementing Trade Facilitation & Trade

Challenges in Implementing Challenges in Implementing Trade Facilitation & Trade

Challenges in Implementing Challenges in Implementing Trade Facilitation & Trade Facilitation & e- -Business over the Internet Business over the Internet e 13 th Northeast Asia Economic Forum 17-18 September 2004, Seoul, Korea Kenji

1.03k views • 43 slides
Won Bronze now aiming for Gold Implementing a sustainable Implementing a sustainable model for

Won Bronze now aiming for Gold Implementing a sustainable Implementing a sustainable model for

4/13/2011 Won Bronze now aiming for Gold Implementing a sustainable Implementing a sustainable model for using information to learn at The University of Auckland Hester Mountifield ( Li W ang) CCA-EDUCAUSE Australasia 2011 The University of

379 views • 10 slides
Implementing Object-Oriented Languages Implementing instance variable access Key features: Key

Implementing Object-Oriented Languages Implementing instance variable access Key features: Key

Implementing Object-Oriented Languages Implementing instance variable access Key features: Key problem: subtype polymorphism inheritance (possibly multiple) Solution: prefixing subtyping & subtype polymorphism layout of

174 views • 5 slides
Implementing an SRM tool Implementing an SRM tool Business value & key success factors

Implementing an SRM tool Implementing an SRM tool Business value & key success factors

Implementing an SRM tool Implementing an SRM tool Business value & key success factors Perfect Club 25 April 2013 The functional Purchasing Information System loop Spend analysis Spend analysis Invoicing Invoicing Supplier Supplier

431 views • 14 slides
1.IMPLEMENTING THE HUMAN SECURITY CONCEPT 2. PROGRAM PROGRESS 1. IMPLEMENTING THE HUMAN

1.IMPLEMENTING THE HUMAN SECURITY CONCEPT 2. PROGRAM PROGRESS 1. IMPLEMENTING THE HUMAN

1.IMPLEMENTING THE HUMAN SECURITY CONCEPT 2. PROGRAM PROGRESS 1. IMPLEMENTING THE HUMAN SECURITY CONCEPT According to the human security principles PROTECTION OBJECTIVE TOP-DOWN Support the formulation of public policies (gender,

1.15k views • 14 slides
Objects V Digression: Algorithms CS is just as much about inventing and implementing your own

Objects V Digression: Algorithms CS is just as much about inventing and implementing your own

Objects V Digression: Algorithms CS is just as much about inventing and implementing your own algorithms as it is implementing other peoples. Examples: mesostic project, reduce() Just because an algorithm works doesnt mean it

445 views • 11 slides
Objects & Inheritance Section 7 Implementing Objects in 401 Ways of implementing objects:

Objects & Inheritance Section 7 Implementing Objects in 401 Ways of implementing objects:

Objects & Inheritance Section 7 Implementing Objects in 401 Ways of implementing objects: Use closures as objects Use tables as objects Closures as Objects Datatype name Datatype fields function myObject (field1, field2,

265 views • 10 slides
Implementing a Multilayer Perceptron from Scratch Implementing a Multilayer Perceptron from

Implementing a Multilayer Perceptron from Scratch Implementing a Multilayer Perceptron from

Implementing a Multilayer Perceptron from Scratch Implementing a Multilayer Perceptron from Scratch In [1]: % matplotlib inline import d2l from mxnet import nd from mxnet.gluon import loss as gloss Load the Fashion-MNIST data set Load the

390 views • 8 slides

More recommend