implementing snort into surfids
play

Implementing Snort into SURFids Sander Keemink and Michael van Kleij - PowerPoint PPT Presentation

Sep 26, 2022 •457 likes •681 views

Implementing Snort into SURFids Implementing Snort into SURFids Sander Keemink and Michael van Kleij February 6, 2008 1 / 21 Implementing Snort into SURFids 1 SURFids 2 Snort 3 Assignment 4 Experiments and results 5 Integrating Snort 6

  1. Implementing Snort into SURFids Implementing Snort into SURFids Sander Keemink and Michael van Kleij February 6, 2008 1 / 21

  2. Implementing Snort into SURFids 1 SURFids 2 Snort 3 Assignment 4 Experiments and results 5 Integrating Snort 6 Conclusion 7 Future work 2 / 21

  3. Implementing Snort into SURFids SURFids IDS Intrusion Detection System Detects unwanted activity Host based or Network based 3 / 21

  4. Implementing Snort into SURFids SURFids SURFids 4 / 21

  5. Implementing Snort into SURFids SURFids Honeypots Nepenthes Low interaction honeypot Simulates known vulnerabilities Argos High interaction honeypot Analyses the operating system 5 / 21

  6. Implementing Snort into SURFids SURFids Nepenthes information 6 / 21

  7. Implementing Snort into SURFids SURFids Argos information 7 / 21

  8. Implementing Snort into SURFids Snort Snort Network Intrusion Detection System Rule and anomaly based 8 / 21

  9. Implementing Snort into SURFids Assignment Assignment Definition ”Which implementation of Snort into SURFids gives the most added value to the customer while not degrading performance in a noticable way.“ Research questions Added value of Snort? Where to place Snort? How can Snort output be integrated? 9 / 21

  10. Implementing Snort into SURFids Assignment Performance SURFids 3 Mbits constant 30 Mbits max peaks Snort 125 Mbits without packet loss 10 / 21

  11. Implementing Snort into SURFids Experiments and results Experiments Experiments 1 Snort before Argos 2 Snort besides Argos and Nepenthes 3 Snort on the tunnel server 11 / 21

  12. Implementing Snort into SURFids Experiments and results Experiment 1 12 / 21

  13. Implementing Snort into SURFids Experiments and results Results experiment 1 Results Over 90% of the attacks registered by Argos were detected by Snort Other attacks also recognized Timeskew, Multiple entries per attack 13 / 21

  14. Implementing Snort into SURFids Experiments and results Experiment 2 14 / 21

  15. Implementing Snort into SURFids Experiments and results Results experiment 2 Not conducted due to time and hardware limitations 15 / 21

  16. Implementing Snort into SURFids Experiments and results Experiment 3 16 / 21

  17. Implementing Snort into SURFids Experiments and results Results experiment 3 Over 90% of the attacks registered by Nepenthes were detected by Snort Identification of 10% of the possible malicious attacks 17 / 21

  18. Implementing Snort into SURFids Integrating Snort Integrating Snort Barnyard, a Snort output processor Offloads Snort Supports multiple output formats Database aware 18 / 21

  19. Implementing Snort into SURFids Integrating Snort Integrating Snort Develop a database output Parse Comma Seperated Value plugin output Shortest path Relative easy to develop IP packet payload No IP packet payload information informatioin 19 / 21

  20. Implementing Snort into SURFids Conclusion Conclusion Snort provides added value to SURFids Nepenthes possible malicious attacks can be discarded 20 / 21

  21. Implementing Snort into SURFids Future work Future work Develop a program that deals with Snort output 21 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139 flow:to_server,established content:"|eb2f 5feb 4a5e 89fb 893e 89f2|" msg:"EXPLOIT x86 linux samba overflow" reference:bugtraq,1816

436 views • 4 slides
Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139

Sample Snort Signature alert tcp $EXTERNAL_NET any -> $HOME_NET 139 flow:to_server,established content:"|eb2f 5feb 4a5e 89fb 893e 89f2|" msg:"EXPLOIT x86 linux samba overflow" reference:bugtraq,1816

370 views • 8 slides
HOW LONG BEFORE PRESENTATION TAKE XANAX How Long Before Presentation Take Xanax Do you snort or

HOW LONG BEFORE PRESENTATION TAKE XANAX How Long Before Presentation Take Xanax Do you snort or

HOW LONG BEFORE PRESENTATION TAKE XANAX How Long Before Presentation Take Xanax Do you snort or eat xanax Can gp prescribe xanax Drug interactions between suboxone and xanax Kratom mixed with xanax Meet the xanax addicted yakuza 0 Is it safe

577 views • 4 slides
Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of

Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of

Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of Agder Presented at: Fifth International PrimeLife/IFIP Summer School, Nice, France 7.-11. September 2009. This work is Funded by Telenor R&I

278 views • 24 slides
An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill

An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill

An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT Sam Patton * Bill Yurcik David Doss Department of Applied Computer Science Illinois State University * Overview 1) the problem 2) software tool 3)

750 views • 20 slides
Intrusion Detection Cyber Security Spring 2010 Reading material Chapter 25 from Computer

Intrusion Detection Cyber Security Spring 2010 Reading material Chapter 25 from Computer

Intrusion Detection Cyber Security Spring 2010 Reading material Chapter 25 from Computer Security, Matt Bishop Snort http://snort.org Distributed IDS DShield http://dshield.org Dark address space

590 views • 21 slides
Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I

Implementing Perl 6 Jonathan Worthington Dutch Perl Workshop 2008 Implementing Perl 6 I didnt know I was giving this talk until yesterday. Implementing Perl 6 I could have written my slides last night, but Implementing Perl 6

537 views • 52 slides
Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies

Implementing Generalised Alt 01 Implementing Generalised Alt Gavin Lowe Implementing Generalised Alt 02 CSO for dummies Communicating Scala Objects (CSO) is a library of CSP-like communication primitives for the Scala programming language,

724 views • 34 slides
Compiling PCRE to FPGA for Accelerating SNORT IDS Abhishek Mitra Walid Najjar Laxmi N Bhuyan

Compiling PCRE to FPGA for Accelerating SNORT IDS Abhishek Mitra Walid Najjar Laxmi N Bhuyan

Compiling PCRE to FPGA for Accelerating SNORT IDS Abhishek Mitra Walid Najjar Laxmi N Bhuyan QuickTime and a QuickTime and a decompressor decompressor are needed to see this picture. are needed to see this picture. Outline FPGA

316 views • 27 slides
Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in

Implementing an X-ray Implementing an X-ray reverberation model in XSPEC reverberation model in XSPEC M. D. Caballero-Garcia, M. Dovciak (ASU CAS Praha 4, Prague), A. Epitropakis (D. of Physics - U. of Crete, Heraklion) Contents 1. The

435 views • 19 slides
Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes Review: Threads 1. The process is a kernel abstraction for an independent executing program. includes at least one thread of control data also

415 views • 12 slides
Automated Translation Automated Translation Between Attack Languages Between Attack Languages

Automated Translation Automated Translation Between Attack Languages Between Attack Languages

Automated Translation Automated Translation Between Attack Languages Between Attack Languages (Translating Snort rules to STATL scenarios) (Translating Snort rules to STATL scenarios) Steven T. Eckmann Eckmann Steven T. Reliable Software

296 views • 27 slides
Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to

Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to

Potential Impact of Implementing Research Findings: Modeling Approach Implementing PCOR Results to Inform Choices and ANIRBAN BASU Improve Healthcare Delivery basua@uw.edu Monday, June 25 th @basucally Academy Health, Seattle 2018

790 views • 32 slides
Implementing a Sentient Implementing a Sentient Computing System Computing System Mike

Implementing a Sentient Implementing a Sentient Computing System Computing System Mike

Implementing a Sentient Implementing a Sentient Computing System Computing System Mike Addlesee, Rupert Curwen, Steve Hodges, Joe Newman, Pete Steggles, Andy Ward and Andy Hopper AT&T Labs, Cambridge Presented by: Kurt Partridge and Jeff

337 views • 9 slides
Complementarity of Implementing the Biological Complementarity of Implementing the Biological

Complementarity of Implementing the Biological Complementarity of Implementing the Biological

Regional Workshop on National Implementation of the Biological Weapons Convention in East Asia and the Pacific Complementarity of Implementing the Biological Complementarity of Implementing the Biological Weapons Convention and UN Security

252 views • 23 slides
Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea:

Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea:

Implementing Object-Oriented Languages Implementing single inheritance Key features: Key idea: prefixing inheritance (possibly multiple) layout of superclass is a prefix of layout of subclass + instance variable access is just a load or

218 views • 9 slides
Dynamic profiles for malware communication Joao Marques, Mick Cox MSc System & Network

Dynamic profiles for malware communication Joao Marques, Mick Cox MSc System & Network

Dynamic profiles for malware communication Joao Marques, Mick Cox MSc System & Network Engineering University of Amsterdam Monday 6 February, 2017 Outline Introduction Part I - Intrusion Detection Part II: Botnets & Advanced

625 views • 40 slides
Opioid Overdose Overview Sarah Bryant, MPH, RN Division Manager Health Promotion and Prevention

Opioid Overdose Overview Sarah Bryant, MPH, RN Division Manager Health Promotion and Prevention

Opioid Overdose Overview Sarah Bryant, MPH, RN Division Manager Health Promotion and Prevention Programs Ingham County Health Department Learning Objectives Importance of opioid use and abuse Decreasing opioid overdose deaths

324 views • 21 slides
What s Ahead s Ahead What The arc of attaining competency How is the Coast Guard is

What s Ahead s Ahead What The arc of attaining competency How is the Coast Guard is

What s Ahead s Ahead What The arc of attaining competency How is the Coast Guard is changing the qualification process? The arcana of assessing competency How do you build an assessment system? The art of assessing competency How can

254 views • 21 slides
Audio recognition, context-awareness, and its applications Yoonchang Han Co-founder & CEO,

Audio recognition, context-awareness, and its applications Yoonchang Han Co-founder & CEO,

Audio recognition, context-awareness, and its applications Yoonchang Han Co-founder & CEO, Cochlear.ai 26 March, 2018 Rule-based Deep learning methods (Source: Softbank Pepper) See Computer vision Understand Natural language

698 views • 35 slides
Deep Packet Inspection Using GPUs Qian Gong, Wenji Wu, Phil DeMar GPU Technology Conference 2017

Deep Packet Inspection Using GPUs Qian Gong, Wenji Wu, Phil DeMar GPU Technology Conference 2017

Deep Packet Inspection Using GPUs Qian Gong, Wenji Wu, Phil DeMar GPU Technology Conference 2017 May 2017 Background Main uses for network traffic analysis Operations & management Capacity planning Performance troubleshooting

520 views • 24 slides
Motivation: MSA Motivation: MSA Current attacks to distributed systems involve multiple steps

Motivation: MSA Motivation: MSA Current attacks to distributed systems involve multiple steps

Secure Configuration of Intrusion Detection Secure Configuration of Intrusion Detection Sensors for Changing Enterprise Systems Gaspar Modelo-Howard, Jevin Sweval, Saurabh Bagchi Presented by Amiya Kumar Maji Dependable Computing Systems Lab

611 views • 12 slides
Constrained approximate search in misuse-based intrusion detection Ambika Shrestha Chitrakar

Constrained approximate search in misuse-based intrusion detection Ambika Shrestha Chitrakar

Constrained approximate search in misuse-based intrusion detection Ambika Shrestha Chitrakar Supervisor: Prof. Slobodan Petrovic FINSE 10th of may 2017 Contents Introduction Snort: a misuse-based intrusion detection Problem

247 views • 14 slides
Jaal: Towards Network Intrusion Detection at ISP Scale A. Aqil, K. Khalil , A. Atya, E.

Jaal: Towards Network Intrusion Detection at ISP Scale A. Aqil, K. Khalil , A. Atya, E.

Jaal: Towards Network Intrusion Detection at ISP Scale A. Aqil, K. Khalil , A. Atya, E. Paplexakis, University of California S. Krishnamurthy, KK. Ramakrishnan Riverside T. Jaeger Penn State University P. Yu, A. Swami US Army Research Lab 1

533 views • 18 slides

More recommend