
Writer choice

Homework/Lab Exercise #3

Our third and final homework assignment builds on the “unacceptable site” detection we worked on in assignment #2. In this exercise we will attempt to accomplish the same detection goal using the reputation preprocessor in Snort. The documentation on the reputation preprocessor and the available configuration options are in section 2.2.20 (starting on p. 122) of the Snort Manual, which is posted under General Information under Content for your reference. The basic function of the reputation preprocessor is similar in many ways to basic firewall operation: the preprocessor evaluates source and destination IP addresses in network packets to see if they appear on either a “whitelist” of approved/acceptable addresses or a “blacklist” of prohibited addresses. Packets containing IP addresses on the blacklist are dropped. The overall intent for this assignment is to block access to the “unacceptable” site you selected for Lab #2 (or a different site chosen for this assignment) by adding the site to a blacklist and enabling the reputation preprocessor in snort.conf.

Please note: If you are using the Virtual Lab, the reputation preprocessor is already configured properly and the supporting whitelist and blacklist files are stored in /etc/snort/rules/rules. All you need to do is identify the IP address(es) to use and add them to the black_list.rules file, using the command “sudo nano black_list.rules” and proceeding just as you did with the local.rules file in Lab #2. The IP addresses corresponding to each of the website URLs from Lab #2 are provided below.

Site URL                      IP Address
www.mdlottery.com             72.21.81.131
www.national-lottery.co.uk    194.246.78.102
www.pokerstars.com            77.87.181.63
everymatrix.com               192.230.83.161
reagan.com                    104.25.227.14
thepiratebay.org              104.27.216.28
www.fanduel.com               52.6.79.49
ashleymadison.com             104.16.119.62
twitter.com                   104.244.42.1
www.facebook.com              179.60.192.36

To complete this assignment successfully using Snort on Windows, you may need to first edit the snort.conf file as follows if you did not already configure these items when you first installed Snort:

- At the end of Step #1, either set the path to the reputation preprocessor file location or comment out these two lines (you can declare the blacklist file directly in the preprocessor configuration settings if you don’t want to use a variable reference).
- At the end of Step #5, configure the reputation preprocessor. The default configuration should work fine for most students, as long as the file paths and names are accurate for the local installation. Look at the first configuration example on page 120 of the Snort Manual as a guide, which simply includes the preprocessor declaration and the specification of the blacklist and whitelist files. You can run the preprocessor with either or both of these files, so for our purposes you might just specify a blacklist file. Where the configuration designates a file (such as “black.list” or “white.list”) the file must exist in the location specified or Snort will generate an error at start-up.
- Save the snort.conf file.

Now, create a blacklist file and put it in the proper directory (such as /etc/snort/rules on Linux or C:\Snort\etc\rules on Windows). A blacklist file is just a plain text file with one IP address (or address range, using CIDR notation) per line. The blacklist file name and file location should of course match what you specified in the preprocessor configuration in snort.conf. Then start up Snort as you would normally, open a browser, and visit the site corresponding to the IP address(es) in the blacklist file.
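
A pre-flight check for the blacklist file described above, as an added example that is not part of the original assignment or of Snort: it flags lines that are not an IP address or CIDR range (a hostname is a common mistake) and mimics the source/destination lookup. The function names, the /24 range and the client address 192.168.1.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample contents for black_list.rules. The two site addresses
# come from the table above; the /24 range and the hostname line are made up
# to show a valid range and an invalid entry.
SAMPLE = """\
# constructed sample black_list.rules
104.244.42.1
179.60.192.0/24   # constructed range covering 179.60.192.36
www.facebook.com
"""

def parse_blacklist(text):
    """Return (networks, errors) for list text with one IP or CIDR per line."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not entry:
            continue                              # blank or comment-only line
        try:
            # A bare address becomes a /32 (or /128) network.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            errors.append((lineno, entry))        # hostname, URL, typo, ...
    return networks, errors

def is_blacklisted(networks, src, dst):
    """True if the packet's source or destination is inside a listed network."""
    addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    return any(addr in net for addr in addrs for net in networks)

if __name__ == "__main__":
    nets, bad = parse_blacklist(SAMPLE)
    for lineno, entry in bad:
        print(f"line {lineno}: not an IP address or CIDR range: {entry}")
    # Constructed packets from a lab client at 192.168.1.10.
    for dst in ("179.60.192.36", "104.244.42.2"):
        verdict = "match" if is_blacklisted(nets, "192.168.1.10", dst) else "no match"
        print(f"192.168.1.10 -> {dst}: {verdict}")
```

The second packet does not match because only the single address 104.244.42.1 is listed: a site that answers from a neighbouring address is not covered by a one-address blacklist, which is relevant to the comparison requested in the writeup.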

For this assignment, compose a short writeup for submission to your Assignments folder that includes the following:

- The “unacceptable” site you selected in Homework #2 (you can pick a new one for this assignment if you prefer).
- The IP address (individual, multiple, or a range) associated with that site. If you don’t know the IP address, you can either open a command shell and ping the site (e.g. “ping www.facebook.com”), which will return the primary IP address on screen, or you can look up the site on Netcraft.com to find one or more IP addresses used by the site.
- The contents of the blacklist file the reputation preprocessor references.
- A brief summary comparing the rule-based and preprocessor-based approaches used in Homework Assignments #2 and #3, with an emphasis on identifying any strengths or weaknesses associated with each approach.
- If you are able to get Snort to run successfully with the reputation preprocessor active, include the output produced (a copy of the ASCII log file is sufficient).
