[Sharing Knowledge] SNORT : Analyzing and Signatures Deris Stiawan Ph.D Candidate Faculty of Computer Science & Information System Universiti Teknolgi Malaysia 2012
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
[Sharing Knowledge]
SNORT : Analyzing and Signatures
Deris Stiawan
Ph.D Candidate
Faculty of Computer Science & Information System
Universiti Teknolgi Malaysia
2012
1st run : Scanning
• Scanning tools with NMAP
– NMAP : powerful network scanning
– To find information detailed
– To find vulnerability from port / daemon / application active run
– Mapping of network
• Command :
– nmap –v ip target
– nmap –v –Sv
– nmap -v -O -sF
• Scanning tools with NIKTO
– NIKTO: powerful web scanner
– Testing IIS / Apache running on web server in target
– Checks your CGI vulnerabilities
2nd : Sniffing
• Sniffing data
– TCPdump / tshark
3rd : Analyzing
• Analyzed and recognized threat with Snort
– Analyzing from packet
– Snort.conf
Codered Footprint
Nimda Footprint
Directory Traversal Footprint
Pervasive Computing Research Group Faculty of Computer Science & Information System
Universiti Teknologi Malaysia
Prof. Dr. Abdul Hanan Abdullah
Deris Stiawan
Related Documents
