Old 03-02-2006, 12:34 PM   #1
Solid State Member
 
Join Date: Oct 2005
Posts: 10
Default Testing Snort

Hello

I am in my final year at university, and my project is on testing the effectiveness of Snort. I have successfully installed Snort with PHP, MySQL and BASE on a Windows XP Pro machine and it all works fine.

I need a little bit of help in testing Snort. Some ideas on how to see whether such and such a scan will be picked up, or whether it will pick up a trojan when one is on the network, etc., would be nice.

At the moment all I'm relying on is people just generally browsing the network and internet, and trying to make sense of the alerts that have been generated. Ideally I'd like to come up with ways that I could attempt to attack my network to test whether Snort will pick it up, and if it does, whether I can improve the rules or make new rules to make it more efficient.

Any help you guys can give would be great.

Thanks
__________________

mudderfacar is offline   Reply With Quote
Old 03-02-2006, 05:58 PM   #2
Fully Optimized
 
UK31337's Avatar
 
Join Date: Feb 2005
Posts: 2,776
Default Re: Testing Snort

What network are you on, and what University are you at?

If you're connected through JANET, will this sort of thing work?
__________________
Master of common sense. If you don't like it, stop reading.
UK31337 is offline   Reply With Quote
Old 03-03-2006, 01:00 AM   #3
Daemon Poster
 
Hackslayer's Avatar
 
Join Date: Feb 2006
Posts: 819
Default Re: Testing Snort

hope this helps: Network Security Test
www.MicrosoftSecurityAssessment.com Microsoft Security Assessment Tool— Official MSAT site. Free download!

News results for A security test for networks - View today's top stories
Security tips from the experts - Malaysia Star - Feb 28, 2006

Firewall Test, Port Scan and Internet Security made easy - Spy ...
Firewall test and port scan made easy * © Audit My PC .com, All rights reserved.
Network Security - Access Code For Tuesday, February 28, 2006 is jfToeVjtcc ...
www.auditmypc.com/ - 32k - Cached - Similar pages

Web Security and Penetration Testing
This Web Security test takes less than 60 seconds. ... Network Security - Access
Code For Tuesday, February 28, 2006 is kfUpfWkudc. ...
www.auditmypc.com/freescan/prefcan.asp - 32k - Cached - Similar pages

Security Scan - Sygate Online Services (sos)
The accuracy of the SOS test depends on correctly retrieving your computer’s IP
address. ... This is not an attack on your computer or network. ...
scan.sygatetech.com/ - 17k - Cached - Similar pages

- Gibson Research Corporation Home Page - -
ShieldsUP! 41675921 system tests. The Internet's quickest, most popular, reliable
and trusted, free Internet security checkup and information service. ...
grc.com/default.htm - 39k - Cached - Similar pages

Nmap - Free Security Scanner For Network Exploration & Security ...
Nmap Free Security Scanner For Network Exploration & Hacking. ... New (test/beta)
versions of Nmap are sometimes released here prior to general availability ...
www.insecure.org/nmap/ - Similar pages

Top 75 Network Security Tools
Review of top 75 network security tools (commercial and free/open source ...
DSniff: A suite of powerful network auditing and penetration-testing tools ...
www.insecure.org/tools.html - Similar pages

Audited by Netcraft
Even if you already care strongly about security, and diligently test the security
of your network, sites and applications from both inside and outside your ...
audited.netcraft.com/audited - 9k - Cached - Similar pages

Stealth And Security Tests For Concerned Internet Users
Online Security Tests For Concerned Internet Users ... The Media Access Control (MAC)
address above comes from your network card or dialup adapter. ...
stealthtests.lockdowncorp.com/ - 51k - Cached - Similar pages

Email Anti Virus and Security Testing Zone
Test the security of your email system! Is your email system secure against ...
Read why you need multiple virus engines to maximize network protection. ...
www.gfi.com/emailsecuritytest/ - 27k - Cached - Similar pages

SecuritySpace
Researchers use fingerprints to secure networks ... New Vulnerability Tests.
Gentoo Security Advisory GLSA 200602-05 (kdegraphics, kpdf) (Gentoo Local ...
www.securityspace.com/ - 41k - Cached - Similar pages
__________________
life is a fight, rest is for the dead so fight til you've earned rest: I'm watching you you know who you are
Hackslayer is offline   Reply With Quote
Old 03-03-2006, 07:12 AM   #4
Solid State Member
 
Join Date: Oct 2005
Posts: 10
Default Re: Testing Snort

Quote:
Originally Posted by UK31337
What network are you on, and what University are you at?

If you're connected through JANET, will this sort of thing work?
I'm at the University of Abertay Dundee, not far away from yourself.
The network I'm using is a standalone network in a room that needs to go through a firewall etc. to get to JANET, so if something were to happen it would be simple enough to disconnect from the rest of the uni network so that we don't disturb anyone else.
mudderfacar is offline   Reply With Quote
Old 03-09-2006, 06:07 AM   #5
Solid State Member
 
Join Date: Oct 2005
Posts: 10
Default Re: Testing Snort

bump. Anyone got any new ideas?
mudderfacar is offline   Reply With Quote
Old 04-20-2006, 05:00 PM   #6
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Send a message via Yahoo to uid=[0]
Default Re: Testing Snort

May just be me, however it sounds to me like he is indirectly asking how to break into a secured network. 1. "standalone network" 2. "into other network" 3. "go through firewall" 4. "how?" Uhh, that would be my guess, because anyone who should be in a network would be allowed in, not trying to get in. But that's just my opinion.
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 04-27-2006, 09:00 PM   #7
Fully Optimized
 
UK31337's Avatar
 
Join Date: Feb 2005
Posts: 2,776
Default Re: Testing Snort

Quote:
Originally Posted by uid=[0]
May just be me, however it sounds to me like he is indirectly asking how to break into a secured network. 1. "standalone network" 2. "into other network" 3. "go through firewall" 4. "how?" Uhh, that would be my guess, because anyone who should be in a network would be allowed in, not trying to get in. But that's just my opinion.
This guy is doing a Senior Honours Computer Science project... you cannot comprehend the amount of work involved.
__________________
Master of common sense. If you don't like it, stop reading.
UK31337 is offline   Reply With Quote
Old 04-28-2006, 06:50 AM   #8
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Testing Snort

For those of you who don't know.

Snort is a piece of intrusion detection software; it simply sits on a network monitoring packets.
The intrusion detection capabilities of Snort are quite passive, and it's not (normally) possible for someone to detect that you are running Snort.

However, when you come to test Snort, chances are you'll be testing the intrusion detection capabilities, and you'll be running a piece of software such as Nmap.

Snort will pick this up; however, you'll probably find that whatever uni you are attending will also pick this up, so you should probably seek advice from your uni's computing services as to whether running a port scanner or attempting a simulated intrusion on their network is allowed, or whether it will get you kicked.

Alternatively, you could just set up another small private (detached) network; what you do on your own network is your own business.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
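
One way to score a test run of the kind discussed in this thread, on a detached lab network: match Snort's alerts against a plan of what was run and when. This is an added example, not part of any poster's message; it assumes Snort writes fast-format alerts, and the test plan, addresses and log lines are constructed for illustration.

```python
import re

# Constructed sample of Snort "fast" alert output; times and addresses are made up.
SAMPLE_ALERTS = """\
03/02-12:30:01.120000  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 192.168.1.20
03/02-12:30:04.550000  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 192.168.1.10 -> 192.168.1.20
03/02-12:41:17.000000  [**] [1:1228:7] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:40000 -> 192.168.1.20:80
03/02-13:05:09.000000  [**] [1:1000001:1] LOCAL hypothetical test rule [**] [Priority: 1] {TCP} 192.168.1.77:1234 -> 192.168.1.20:445
"""

# Hypothetical test plan: (test name, scanner address, window start, window end).
TEST_PLAN = [
    ("ping sweep", "192.168.1.10", "03/02-12:30:00", "03/02-12:35:00"),
    ("XMAS scan", "192.168.1.10", "03/02-12:40:00", "03/02-12:45:00"),
    ("UDP scan", "192.168.1.10", "03/02-12:50:00", "03/02-12:55:00"),
]

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alerts(text):
    """Return one dict per fast-format alert line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]

def score(plan, alerts):
    """Attach each alert to the planned test whose source and time window it falls in.
    Timestamps are zero-padded MM/DD-HH:MM:SS, so string comparison orders them
    correctly within one year. Alerts matching no test are returned separately."""
    hits = {name: [] for name, *_ in plan}
    unmatched = []
    for a in alerts:
        for name, src, start, end in plan:
            if a["src"] == src and start <= a["ts"] <= end:
                hits[name].append(f'{a["gid"]}:{a["sid"]} {a["msg"]}')
                break
        else:
            unmatched.append(a)
    return hits, unmatched

if __name__ == "__main__":
    hits, unmatched = score(TEST_PLAN, parse_alerts(SAMPLE_ALERTS))
    for name, found in hits.items():
        print(f"{name:12} {'DETECTED' if found else 'MISSED':9} {found}")
    for a in unmatched:
        print("outside plan:", a["ts"], a["src"], a["msg"])
```

A test with an empty list is a detection gap to examine in the rule set or preprocessor settings; alerts outside the plan are background traffic or activity that was not part of the test.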
Old 04-28-2006, 07:52 AM   #9
Golden Master
 
DJ-CHRIS's Avatar
 
Join Date: Apr 2006
Posts: 5,203
Send a message via AIM to DJ-CHRIS Send a message via MSN to DJ-CHRIS Send a message via Yahoo to DJ-CHRIS
Default Re: Testing Snort

Would you usually have the computer with Snort picking up all packets on the network, then?

Because a single computer on a large network picking up EVERY single packet is guaranteed to cause slowdowns.
DJ-CHRIS is offline   Reply With Quote
Old 04-28-2006, 08:42 AM   #10
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Testing Snort

It depends how you look at the network and the technology used in a network.
A regular hub is a piece of dumb equipment: it receives a packet and then spits it out of all ports, sending all packets to all ports on the hub; only the computer that actually wants the packet picks it up.
Other computers ignore it.
(This is good when you are sending out broadcast packets or DHCP requests, since the DHCP server usually isn't known, so a general request is made to all machines.)

However, it does mean that when you send information you are actually sending it to all machines.

If you run a program like Snort or Ethereal then you just listen to the network and don't generate any extra traffic.

You'll find that on a switched network, in passive modes, you'll only see traffic either on the hub that you are on (but not other hubs that may be connected to a switch that you are also on), or just your own traffic if you are directly in a switch or router.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote