3rd Conference on Island Information Technology and Applications (第三屆離島資訊技術與應用研討會), June 2003, p. 334. Contact: Tel. 06-2533131 ext. 2605
Abstract (translated from the Chinese original)
With the rapid development of the Internet, people have gained great convenience: anyone can easily build a website of their own. But problems come with it. Hacker attacks, virus damage and other malicious attacks over the network cause people great harm. Among these, the malicious computer worm [5] has become one of the main threats to network security today, for example CodeRed and Nimda. A malicious worm program can compromise a large number of computers on the network in a very short time, especially a worm that spreads through security vulnerabilities hidden in network service programs, which is why network administrators find this kind of virus the most troublesome. In this paper we use the open-source Snort [10] to build an Intrusion Detection System (IDS). Whenever Snort detects an intrusion, it produces a log entry for the virus that records the source address (source_ip), source port (source_port) and other related information. At the same time, the generated log can be fed to a traffic-management program to block the source of the virus. In this way the damage the virus does to network bandwidth can be stopped in time, in the early stage of the outbreak.
Keywords: Intrusion Detection System, Computer Worm, Information Security
Abstract
The more popular the Internet becomes, the more convenience it brings. But behind that convenience lie dangerous threats such as hackers, computer viruses and other attacks. Malicious worms such as CodeRed and Nimda are currently among the major sources of damage in network security. A worm can attack a large number of computers over the network in a very short time, especially by spreading through vulnerable network services. In this paper we use the open-source Snort [10] to construct an Intrusion Detection System (IDS). Whenever an intruder comes in, the Snort system produces a log of the worm that includes its source IP and source port. At the same time we use a flow-management program to block the worm, so that its source is cut off before it exhausts the network bandwidth.
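The abstracts describe the loop but not the program that closes it: Snort writes an alert with the worm's source address and port, and a flow-management program turns that into a block. The following Python script is an added example, not code from the paper, showing the smallest useful version of that step: it parses Snort's alert_fast log lines, counts alerts per source IP for the signature IDs the operator has marked as worm signatures, and emits an iptables DROP rule for every source that crosses a threshold. The log lines, the signature IDs (WORM_SIDS) and the exempt network (NEVER_BLOCK) are constructed for the example; the real SIDs come from the ruleset the sensor runs, and iptables on a Linux gateway is an assumed blocking mechanism, since the paper does not name its flow-management program.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# One line of Snort's alert_fast output looks like:
#   03/15-14:22:01.123456  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**]
#   [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3123 -> 198.51.100.5:80
# Classification and Priority are optional; ICMP alerts carry no ports.
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict of fields for one alert_fast line, or None if the line is not an alert."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sid"] = int(d["sid"])
    d["sport"] = int(d["sport"]) if d["sport"] else None
    d["dport"] = int(d["dport"]) if d["dport"] else None
    return d


def worm_sources(lines, worm_sids, threshold=3, never_block=(), tcp_only=True):
    """Count alerts per source IP for the worm signatures and return, sorted, the
    sources that reached the threshold.

    tcp_only: CodeRed and Nimda spread over completed TCP connections, so the
    source address in a TCP alert is real. UDP/ICMP sources can be spoofed, and
    auto-blocking them lets an attacker make the gateway block arbitrary hosts.
    never_block: networks that must never be dropped (the sensor, the gateway,
    the DNS servers), so a mis-attributed alert cannot cut the site off.
    """
    exempt = [ip_network(n) for n in never_block]
    hits = Counter()
    for line in lines:
        a = parse_alert(line)
        if a is None or a["sid"] not in worm_sids:
            continue
        if tcp_only and a["proto"] != "TCP":
            continue
        src = ip_address(a["src"])
        if any(src in net for net in exempt):
            continue
        hits[str(src)] += 1
    return sorted((ip for ip, n in hits.items() if n >= threshold), key=ip_address)


def block_rules(sources, chain="FORWARD"):
    """One iptables command per source, inserted at the top of the chain so the
    DROP is evaluated before any existing ACCEPT rule."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sources]


# Constructed sample log, modelled on alert_fast; SIDs and messages are placeholders.
SAMPLE_ALERTS = """\
03/15-14:22:01.123456  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3123 -> 198.51.100.5:80
03/15-14:22:01.223456  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3124 -> 198.51.100.6:80
03/15-14:22:01.323456  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:3125 -> 198.51.100.7:80
03/15-14:22:02.000001  [**] [1:1002:7] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:1044 -> 198.51.100.5:80
03/15-14:22:03.000002  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.20 -> 198.51.100.5
03/15-14:22:04.000003  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.20:2000 -> 198.51.100.5:80
03/15-14:22:04.000004  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.20:2001 -> 198.51.100.6:80
03/15-14:22:04.000005  [**] [1:1243:8] WEB-IIS ISAPI .ida attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.20:2002 -> 198.51.100.7:80
this line is not an alert
"""
WORM_SIDS = {1243, 1002}             # placeholder IDs for the CodeRed/Nimda signatures in use
NEVER_BLOCK = ("198.51.100.1/32",)   # assumed gateway address, never dropped

if __name__ == "__main__":
    for rule in block_rules(worm_sources(SAMPLE_ALERTS.splitlines(), WORM_SIDS, 3, NEVER_BLOCK)):
        print(rule)
```

Run against the sample, the script blocks 192.0.2.10 (three .ida hits from outside) and 198.51.100.20 (an internal host that has started scanning its neighbours), and leaves 203.0.113.7 alone because a single cmd.exe probe is below the threshold. The threshold is what keeps one false positive from turning the IDS into a tool for denying service to legitimate clients; in production it should be paired with a time window and an expiry for the DROP rules, and internal sources are better quarantined at the switch than dropped at the border, since the border rule does nothing to stop them infecting the rest of the LAN.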
7. Ian Whalley, Bill Arnold, David Chess, John Morar, Alla Segal, Morton Swimmer, "An Environment for Controlled Worm Replication and Analysis," IBM T.J. Watson Research Center. http://www.research.ibm.com/antivirus/SciPapers/VB2000INW.htm