Welcome back all. In this part of the series we will test some of the methods described previously. The upcoming sections discuss the tools and the procedures followed to carry out these tests, and the final sections of the series discuss the results.
The tools used in this study are all preinstalled in the Backtrack operating system, with the exception of Snort; although Snort is also included in Backtrack, a separate installation was used. The tools discussed in this chapter are used throughout the experiments.
Please note that, as previously mentioned, this series contains sections from an entire Distinction-grade MSc dissertation that I completed as part of my master’s degree some years back, and I have tried my best to keep it without any modifications.
The dissertation is very long and, as my supervisor described it, was PhD-grade research; therefore I have tried to keep it as short as possible for this blog series without impacting the benefits I intend to pass on to the InfoSec community, and I hope you all enjoy it.
Snort IDS
According to Richard Bejtlich (2005, p. 149), Snort is a network intrusion detection system that can also be used for packet capture and analysis.
Snort NIDS in standby mode
A more detailed description of Snort is given by Brandon Franklin (2006, p. 3):
“Snort is a freeware IDS developed by Martin Roesch and Brian Caswell. It’s a lightweight, network-based IDS that can be set up on a Linux or Windows host. While the core program uses a Command Line Interface (CLI), graphical user interfaces (GUIs) can also be used. Snort operates as a network sniffer and logs activity that matches predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
Snort consists of two basic parts:
- Header, where the rules’ “actions” are identified.
- Options, where the rules’ “alert messages” are identified.”
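As an added illustration of the two-part rule structure described in the quote above (this code is not part of the dissertation or of the cited source), the following Python splits a Snort rule into its header fields and its option keywords; the sample rules and SIDs are constructed for this example, not taken from any real ruleset.

```python
"""Split Snort rules into their two parts: the header and the options."""
from dataclasses import dataclass, field

# Constructed sample rules (not from any real ruleset); SIDs are placeholders.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH login attempt"; '
    'flow:to_server,established; content:"SSH-"; sid:1000001; rev:1;)',
    'log udp any any -> 192.168.1.0/24 53 '
    '(msg:"DNS query; note the semicolon inside quotes"; sid:1000002;)',
]

# Header fields in the order Snort expects them: action protocol src sport dir dst dport
HEADER_FIELDS = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")


@dataclass
class SnortRule:
    header: dict
    options: list = field(default_factory=list)  # ordered (keyword, value) pairs


def split_options(text: str) -> list:
    """Split the body inside (...) on ';' while ignoring ';' inside quoted strings."""
    opts, buf, in_quote = [], [], False
    for ch in text + ";":  # trailing ';' flushes a last option that lacks one
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opt = "".join(buf).strip()
            if opt:
                kw, _, val = opt.partition(":")
                opts.append((kw.strip(), val.strip().strip('"') if val else None))
            buf = []
        else:
            buf.append(ch)
    return opts


def parse_rule(rule: str) -> SnortRule:
    """Validate the header and return header fields plus parsed options."""
    head, sep, rest = rule.partition("(")
    if not sep or not rest.rstrip().endswith(")"):
        raise ValueError("rule options must be enclosed in parentheses")
    parts = head.split()
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError(f"header needs {len(HEADER_FIELDS)} fields, got {len(parts)}")
    if parts[4] not in ("->", "<>"):
        raise ValueError(f"bad direction operator {parts[4]!r}")
    return SnortRule(dict(zip(HEADER_FIELDS, parts)), split_options(rest.rstrip()[:-1]))


def alert_message(rule: str) -> str:
    """Return the msg option, i.e. the alert message the options part carries."""
    return dict(parse_rule(rule).options).get("msg", "")
```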