Dear readers,
We present a new e-book containing workshop materials from SNORT IDS BLAST COURSE. We would like to share them with those of you who do not participate in the course itself (though we recommend that you do). This e-book will be added to the course as a free download for those of you who want to learn offline. All materials here were written by our wonderful instructor, Raymond Blockmon!
Enjoy!
Hakin9 Magazine
Editorial Team
TABLE OF CONTENTS
Introduction
Module 1: Setting up and getting acquainted with the Snort IDS
- Task 1: Setup IP variables with the internal and external network
- Task 2: Setup Port variables with internal and external network
- Task 3: Setup log messages
- Module Challenge
Module 2: Setting up basic Snort rules
- Task 1: Setup a Snort incoming packet rule to alert the network administrator
- Task 2: Setup a Snort rule to alert for a packet connecting to an FTP server
- Task 3: Setup a Snort rule to alert for FTP traffic searching for a specific file
- Module Challenge
Module 3: Configure Detect Offset (DOE) End Pointer (EP) and Byte Offset
- Task 1: Dissecting an incoming packet using DOE EP with a content match
- Task 2: Creating Snort rule using DOE EP with Offset modifier
- Task 3: Setup Snort Rule DOE EP with Offset and Depth content
- Module Challenge
Bonus