Linux Intrusion Detection using snort rules

Cancelled

Create snort rules based on the documentation I provide if you accept. This will be 10 rules alerting to specific network traffic. Need this by 11/29 9pm cst.

You are to create several intrusion detection rules. Create these in a text file called '[url removed, login to view]' located under /etc/snort/rules. Develop rules that implement the following policies:

1. alert on any incoming pings to the server from .128. Your message should indicate: ".128 pinging the server."

2. alert on any ftp traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to FTP to server."

3. alert on any telnet traffic with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to telnet to server."

4. alert on any ssh traffic containing the keyword "SSH-2", from .128 to the server. Message should read: ".128 attempt to SSH to server."

5. alert on any http traffic from .128 with the SYN flag set, from .128 to the server. Message should read: ".128 attempt to the web server."

6. alert on any http traffic with the SYN flag set from the CLASS A private network (10.0.0.0/8) to the server. Message should read "Possible DDOS."

7. alert on any DNS traffic from [url removed, login to view] to the local DNS server (172.16.136.1) that contains the keyword "ubuntu." Message should read "DNS Query Ubuntu."

8. alert on any packets from .128 to the server containing the text "[url removed, login to view]" (note this is the first time I didn't mention a service!)

9. alert on any ftp traffic from the .128 to the server that contains the keyword "pfarnsworth". Message should read "Pfarnsworth over ftp".

10. alert on any ssh traffic from .128 to the server with the FIN and ACK flags set. Message should read "F/A for SSH teardown."

ipvar HOME_NET 172.16.136.0/16

ipvar SERVER [url removed, login to view]

ipvar CLASS_A 10.0.0.0/8

ipvar BADGUY [url removed, login to view]

Skills: Computer Security, Linux, Network Administration, Ubuntu


Project ID: #12222227
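
An added sketch, not part of the original listing, of how policies 1-6, 9 and 10 map onto Snort 2.x rule syntax using the listing's ipvars. The service ports (21, 23, 22, 80), the sid values and the rev numbers are assumptions; policies 7 and 8 are left out because their source address and match text are redacted on the page.

```snort
# Added example: local rules for the policies above.
# Assumes the ipvars SERVER, BADGUY and CLASS_A from the listing are already
# defined, and that each service listens on its standard port (assumption).
# sids start at 1000001 because values below 1000000 are reserved for
# distributed rule sets; the exact numbers are arbitrary.

# Policy 1: ICMP echo request (type 8) from the .128 host
alert icmp $BADGUY any -> $SERVER any (msg:".128 pinging the server."; itype:8; sid:1000001; rev:1;)

# Policy 2: SYN to the FTP control port.
# flags:S with no modifier matches SYN alone, so SYN/ACK replies do not fire.
alert tcp $BADGUY any -> $SERVER 21 (msg:".128 attempt to FTP to server."; flags:S; sid:1000002; rev:1;)

# Policy 3: SYN to telnet
alert tcp $BADGUY any -> $SERVER 23 (msg:".128 attempt to telnet to server."; flags:S; sid:1000003; rev:1;)

# Policy 4: payload match on the SSH version banner sent by the client
alert tcp $BADGUY any -> $SERVER 22 (msg:".128 attempt to SSH to server."; content:"SSH-2"; sid:1000004; rev:1;)

# Policy 5: SYN to the web server
alert tcp $BADGUY any -> $SERVER 80 (msg:".128 attempt to the web server."; flags:S; sid:1000005; rev:1;)

# Policy 6: SYN to the web server from anywhere in 10.0.0.0/8
alert tcp $CLASS_A any -> $SERVER 80 (msg:"Possible DDOS."; flags:S; sid:1000006; rev:1;)

# Policy 9: keyword in FTP control-channel payload (case-sensitive as written)
alert tcp $BADGUY any -> $SERVER 21 (msg:"Pfarnsworth over ftp"; content:"pfarnsworth"; sid:1000009; rev:1;)

# Policy 10: exactly FIN+ACK on the SSH connection
alert tcp $BADGUY any -> $SERVER 22 (msg:"F/A for SSH teardown."; flags:FA; sid:1000010; rev:1;)
```

A rules file can be syntax-checked before deployment with Snort's test mode, `snort -T -c /etc/snort/snort.conf`, provided the file is included from that configuration.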

Awarded to:

akmshasan

Hi, I have 12+ years of experience on Linux and Windows servers especially built on VMware and Microsoft Hyper-V platforms. I am specialized on system administration, design, deployment and troubleshooting. I believ

$250 USD in 1 day
(5 Reviews)
2.8

2 freelancers are bidding on average $403 for this job

bdlinux27

Hi mate, I have more than 8 years of experience on Linux administration and system security administration. I hope you have seen my profile. Currently I am employed as Enterprise network security administrator o

$555 USD in 3 days
(3 Reviews)
1.7