Nowadays every enterprise network has an Intrusion Detection System installed to protect it from cyber criminals.
A Network Intrusion Detection System (NIDS) is supposed to alert the system administrators when the network is under attack. First we should understand how the NIDS works in order to evade it; the better we understand its structure and operation, the better we can evade it.
Snort is an open source NIDS and the most widely known NIDS on the market. It is widely used by US military bases and also by US state departments. Snort is the dominant NIDS on the market and is likely to remain so for some years.
Snort comes built in to BackTrack, so I don't need to install it; if you want to install it, you can download it from here.
Snort is a network sniffer; we can apply rules to it, and it can then restrict the malicious traffic it sees. Now I am going to start Snort in sniffer mode by typing the following command in the BackTrack terminal.
This command starts the traffic capture; to stop it you press Ctrl + C, and Snort then prints the statistics of the capture.
To run Snort in intrusion detection mode we need to edit its configuration file on the Linux system. The configuration file is named snort.conf and is located at /etc/snort/snort.conf. We start by typing:
-c specifies the configuration file, followed by its location.
Now Snort has started its work and will warn us if something malicious happens.
Snort ships with default configuration settings and works well with only a few changes. Now we start configuring it by opening the configuration file in KWrite.
You can see in the screenshot that it displays 6 options. First we need to set the variables for the internal and the external network. These are as follows:
We set HOME_NET to the IP range of our network, i.e. the internal subnet. Next we set the path to the rules:
With the following commands we can check the Snort rules:
This way we can check whether each of the files actually contains Snort rules. The better we understand Snort, the better we will be able to evade it.
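As an added example (not code from the original post), the POSIX shell script below builds a constructed sample snort.conf with the HOME_NET, EXTERNAL_NET and RULE_PATH variables described above and then walks every included rules file to check that it really contains rules, which is the check the last step describes. The 192.168.1.0/24 subnet and the rule contents are made-up sample values.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Snort 2.x style
# snort.conf syntax (ipvar/var/include). All data below is constructed.

# Write a minimal config fragment: HOME_NET is the internal subnet the
# sensor protects, EXTERNAL_NET is everything that is not HOME_NET, and
# RULE_PATH is the directory each "include $RULE_PATH/..." line refers to.
write_sample_conf() {
    dir="$1"
    mkdir -p "$dir/rules"
    cat > "$dir/snort.conf" <<EOF
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !\$HOME_NET
var RULE_PATH $dir/rules
include \$RULE_PATH/local.rules
include \$RULE_PATH/empty.rules
EOF
    # One rules file with a real rule, one that holds only a comment.
    cat > "$dir/rules/local.rules" <<'EOF'
# constructed sample rule: alert on inbound ICMP to the protected subnet
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP to HOME_NET"; sid:1000001; rev:1;)
EOF
    printf '# placeholder, no rules yet\n' > "$dir/rules/empty.rules"
}

# Count lines that start with a Snort rule action (comments and blank
# lines ignored). Prints 0 for a missing file instead of failing.
count_rules() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Ec '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$1" || true
}

# Resolve every "include $RULE_PATH/<file>" line of the config against
# RULE_PATH, print "<file> <rule count>", and return 1 if any included
# file contains no rules at all.
check_rule_files() {
    conf="$1"
    rule_path=$(sed -n 's/^var RULE_PATH[[:space:]]*//p' "$conf")
    status=0
    for inc in $(sed -n 's/^include \$RULE_PATH\///p' "$conf"); do
        f="$rule_path/$inc"
        n=$(count_rules "$f")
        echo "$f $n"
        [ "$n" -gt 0 ] || status=1
    done
    return $status
}
```

Run it against a real /etc/snort/snort.conf by calling check_rule_files on that path instead of the constructed one; an included file that reports 0 rules is either a placeholder or a path typo.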
If you have any queries related to this article, you can comment below, and if you like the guide, please share it with your friends.
CEO and Founder at Mighty Shouts.