Hello Dear readers
Today my tutorial is about Snort. Snort is a Network Intrusion Detection System (NIDS); besides running as an IDS it can also be configured as a sniffer or as a packet logger. This tutorial covers using Snort as an IDS.
Download Snort from its website http://www.snort.org/. I will be using the Snort that comes with BackTrack 5, so boot into BackTrack and let's get started.
To start snort Service, go to Application Menu -> Backtrack -> Services -> SNORT Services -> Snort Start
Alternatively you can use the command
#service snort start
Once Snort starts, you have to configure it for the networks you want to monitor. To do this, edit its configuration file (/etc/snort/snort.conf) and change the value of $HOME_NET from any to the range of IPs you want to monitor.
Restart the snort service in order for changes to take place.
#service snort restart
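The HOME_NET change above is the one edit that decides what Snort treats as "its" network, so a typo there (a mistyped CIDR, a missing bracket) silently makes every $HOME_NET rule miss. The following is an added example, not part of the original tutorial or of Snort itself: it rewrites the ipvar HOME_NET line of a snort.conf-style file and validates the networks with Python's ipaddress module before writing them, using the Snort list syntax [net1,net2]. The SAMPLE_CONF text is constructed to mirror the stock lines; the path handling assumes Snort 2.x's ipvar form as shipped on BackTrack 5.

```python
"""Set HOME_NET in a snort.conf-style file and validate the value.

Added example (not from the original tutorial): the tutorial edits
/etc/snort/snort.conf by hand; this does the same edit programmatically
and refuses values that are not valid networks, so a typo cannot silently
leave Snort watching the wrong range.
"""
import ipaddress
import re
from pathlib import Path

# Matches the HOME_NET definition as it appears in Snort 2.x configs,
# e.g. "ipvar HOME_NET any" (the BackTrack default the tutorial changes).
HOME_NET_RE = re.compile(r"^(ipvar\s+HOME_NET\s+)(.*)$", re.MULTILINE)


def validate_networks(value: str) -> str:
    """Return a Snort-formatted HOME_NET value for a list of CIDR networks.

    Accepts a comma-separated string such as "192.168.1.0/24,10.0.0.0/8"
    or the special word "any". Raises ValueError for anything else.
    """
    value = value.strip()
    if value.lower() == "any":
        return "any"
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in value.split(",") if n.strip()]
    if not nets:
        raise ValueError("no networks given")
    # Snort list syntax: [net1,net2,...]
    return "[" + ",".join(str(n) for n in nets) + "]"


def set_home_net(conf_text: str, value: str) -> str:
    """Return conf_text with its HOME_NET line replaced by the validated value."""
    new_value = validate_networks(value)
    if not HOME_NET_RE.search(conf_text):
        raise ValueError("no 'ipvar HOME_NET' line found in config")
    return HOME_NET_RE.sub(lambda m: m.group(1) + new_value, conf_text, count=1)


def update_conf_file(path: str, value: str) -> str:
    """Rewrite the config file in place, keeping a .bak copy.

    Returns the HOME_NET value now present in the file.
    """
    p = Path(path)
    original = p.read_text()
    updated = set_home_net(original, value)
    p.with_suffix(p.suffix + ".bak").write_text(original)
    p.write_text(updated)
    return HOME_NET_RE.search(updated).group(2)


# Constructed sample of the relevant lines from a stock snort.conf
# (illustrative text, not copied from a real installation).
SAMPLE_CONF = """# Setup the network addresses you are protecting
ipvar HOME_NET any

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any
"""

if __name__ == "__main__":
    # Dry run on the sample; on a real box call
    # update_conf_file("/etc/snort/snort.conf", "192.168.1.0/24")
    # and then restart the service as the tutorial does.
    print(set_home_net(SAMPLE_CONF, "192.168.1.0/24"))
```

After writing the file, restarting the service (service snort restart) is still required for the new value to take effect, exactly as the tutorial says.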
Now launch the Snort IDS using the following command:
#snort -q -A console -i eth0 -c /etc/snort/snort.conf
-q means quiet mode (no banner or startup statistics)
-A sets the alert mode to console (alerts are printed to the terminal)
-i sets the listening interface
-c sets the configuration file, which in turn includes the rules
Now let's launch a DoS attack against the system and see whether Snort detects the attack or not. To do this I will use the utility called LOIC (Low Orbit Ion Cannon). To set up LOIC:
Type the victim's IP in the target section and click Lock on.
Then in attack options, select the method as UDP.
Set the thread count to some value such as 1000.
Then click the big button labelled IMMA CHARGIN MAH LAZER to launch the attack.
You will now notice that the Snort IDS detects the attack and prints alerts on the console.
Now let's run an Nmap scan on the victim system and see whether Snort picks it up. I will use Zenmap, which is a graphical utility that runs nmap in the background. To set up Zenmap:
Type the IP of the victim in the Target field.
Set the Profile to Intense.
Hit Scan.
Zenmap generates the corresponding nmap command. Now let's check Snort in the background to see if it has detected the scan against it.
As you can see, Snort has detected the scan even though most of the scan was stealthy.
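With -A console Snort prints one alert per line in its "fast" format, and after the two tests above the console is full of them. The following is an added example, not part of the original tutorial or of Snort: it parses that line format and groups the alerts by signature and by source address, which is the quickest way to confirm that what Snort saw was the UDP flood and the port scan rather than unrelated noise. The sample lines, the signature ids, the messages and the addresses are all constructed to resemble the output of the tutorial's two tests; the threshold for a "noisy" source is an arbitrary assumption you would tune to your own traffic.

```python
"""Summarise Snort console alerts (the -A console / "fast" format).

Added example, not part of the original tutorial: once Snort prints alerts
to the console, grouping them by signature and by source address shows
at a glance what was detected and from where. Sample lines below are
constructed; signature ids, messages and addresses are illustrative only.
"""
import re
from collections import Counter

# One console alert per line. Classification is optional (not every rule
# sets one); ports are optional (ICMP and portscan alerts carry none).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict of fields for one console alert line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])
    return fields


def summarise(lines, per_source_threshold=50):
    """Group alerts by signature and by source; list sources at or above the threshold.

    Non-alert lines (Snort banner text, blank lines) are skipped; non-blank
    lines that fail to parse are counted so a format change is not silent.
    """
    by_sig = Counter()
    by_src = Counter()
    unparsed = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            if line.strip():
                unparsed += 1
            continue
        by_sig[(alert["gid"], alert["sid"], alert["msg"])] += 1
        by_src[alert["src"]] += 1
    noisy = sorted(src for src, n in by_src.items() if n >= per_source_threshold)
    return {"by_sig": by_sig, "by_src": by_src,
            "noisy_sources": noisy, "unparsed": unparsed}


# Constructed sample: three alerts from a local UDP-flood rule, one
# sfPortscan alert and one ICMP alert, plus a line that is not an alert.
SAMPLE_ALERTS = """
08/10-15:43:10.120001  [**] [1:1000001:1] LOCAL UDP flood against HOME_NET [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 192.168.1.5:51234 -> 192.168.1.10:80
08/10-15:43:10.120344  [**] [1:1000001:1] LOCAL UDP flood against HOME_NET [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 192.168.1.5:51234 -> 192.168.1.10:80
08/10-15:43:10.120699  [**] [1:1000001:1] LOCAL UDP flood against HOME_NET [**] [Classification: Attempted Denial of Service] [Priority: 2] {UDP} 192.168.1.5:51234 -> 192.168.1.10:80
08/10-15:44:02.004512  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 192.168.1.5 -> 192.168.1.10
08/10-15:44:02.310870  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.5
this line is not an alert
"""

if __name__ == "__main__":
    report = summarise(SAMPLE_ALERTS.splitlines(), per_source_threshold=3)
    for (gid, sid, msg), n in report["by_sig"].most_common():
        print(f"{n:5d}  [{gid}:{sid}] {msg}")
    print("noisy sources:", report["noisy_sources"])
    print("unparsed lines:", report["unparsed"])
```

To use it on a live run, redirect Snort's console output to a file (or pipe it) and pass the lines to summarise(); the by_sig counter tells you which rules fired and by_src tells you where the traffic came from.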
I hope this was useful. Leave your questions and suggestions in the comment field.