Closed

Linux Intrusion Detection using snort rules

This project was awarded to akmshasan for $250 USD.

Get free quotes for a project like this
Project Budget
$30 - $250 USD
Total Bids
2
Project Description

Create snort rules based on the documentation I provide if you accept. This will be 10 rules alerting to specific network traffic. Need this by 11/29 9pm cst.

You are to create several intrusion detection rules. Create these in a text file called '[url removed, login to view]' located under /etc/snort/rules. Develop rules that implement the following policies:

1. alert on any incoming pings to the server from .128. Your message should indicate: ".128 pinging the server."

2. alert on any ftp traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to FTP to server."

3. alert on any telnet traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to telnet to server."

4. alert on any ssh traffic containing the keyword "SSH-2", from .128 to the server. Message should read: ".128 attempt to SSH to server."

5. alert on any http traffic from .128 with the SYN flag set, from .128 to the server. Message should read: .128 attempt to the web server."

6. alert on any http traffic with the SYN flag set from the CLASS A private network (10.0.0.0/8) to the server. Message should read "Possible DDOS."

7. alert on any DNS traffic from [url removed, login to view] to the local DNS server (172.16.136.1) that contains the keyword "ubuntu." Message should read "DNS Query Ubuntu."

8. alert on any packets from .128 to the server containing the text "[url removed, login to view]" (note this is the first time I didn't mention a service!)

9. alert on any ftp traffic from the .128 to the server that contains the keyword "pfarnsworth". Message should read "Pfarnsworth over ftp".

10. alert on any ssh traffic from .128 to the server with the FIN and ACK flags set. Message should read "F/A for SSH teardown."

ipvar HOME_NET 172.16.136.0/16

ipvar SERVER [url removed, login to view]

ipvar CLASS_A 10.0.0.0/8

ipvar BADGUY [url removed, login to view]

Awarded to:

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online