I. SCENARIO
1. Setup virtual switches in VMware
2. Setup snort machines
3. Install snort
4. Configure snort machine to work as a router
5. Setup victim webserver machine
6. Setup attacker machine
7. Setup normal website user machine
8. Perform http-bruteforce attack without snort running
9. Configure and run snort
10. Configure snort to work as an IPS
11. Perform http-bruteforce attack with snort running
II. ENVIRONMENT
1. Creating 4 virtual machines
- Snort router Ubuntu machine configured as a router and with snort installed
- Victim webserver Ubuntu machine with apache2 webserver
- Attacker Kali Linux machine which will perform http-bruteforce attack against victim webserver
- Normal web server Ubuntu machine to serve as a normal client
2. Two VMware virtual switches
- Vmnet 6 - host only network with subnet 192.168.248.0/24
- Vmnet 7 - host only network with subnet 192.168.232.0/24
III. TOPOLOGY
IV. CONFIGURE VIRTUAL SWITCHES
1. Use virtual network editor to create the following custom host only virtual switches
- Vmnet 6
  Subnet ip : 192.168.248.0/24
  Subnet mask : 255.255.255.0
  NO DHCP or host virtual adapter attached
- Vmnet 7
  Subnet ip : 192.168.232.0/24
  Subnet mask : 255.255.255.0
V.
-
VI. INSTALL SNORT
1. Create temporary install directory
o mkdir -p /tmp/snort-install
o cd /tmp/snort-install
2. Install packages needed to build snort
o sudo apt-get -y install flex bison build-essential checkinstall libpcap-dev libnet1-dev libpcre3-dev libmysqlclient-dev libnetfilter-queue-dev iptables-dev libdnet-dev
3. Install libdnet-1.12
o wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz
o tar xvzf libdnet-1.12.tgz
o cd libdnet-1.12
o ./configure "CFLAGS=-fPIC"
o make
o sudo checkinstall -y
o sudo dpkg -i libdnet_1.12-1_amd64.deb
o sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
o cd
4. Install latest daq packages
o wget http://www.snort.org/
o tar xvzf daq
o cd daq
o ./configure
o make
o sudo checkinstall -y
o sudo dpkg -i daq_
o cd
5. Install latest snort package
o wget http://www.snort.org/
o tar xvzf snort
o cd snort
o ./configure --enable-sourcefire
o make
o sudo checkinstall -y
o sudo dpkg -i snort
o sudo ln -s /usr/local/bin/snort /usr/sbin/snort
o sudo ldconfig -v
o snort -V
o cd
6. Download and install latest registered rule
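A check worth running once the libdnet, daq and snort builds above are finished, before moving on to IPS mode. This is an added example, not part of the original guide: the function names, the sample outputs and the choice of nfq as the inline DAQ module are assumptions (the guide installs libnetfilter-queue-dev but does not name the module it uses).

```bash
#!/usr/bin/env bash
# Added example: post-build checks for the libdnet/DAQ/Snort install steps.

# Constructed sample outputs (not captured from a real host).
SAMPLE_LDD='    libdnet.1 => not found
    libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f0000000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)'
SAMPLE_DAQ='Available DAQ modules:
pcap(v3): readback live multi unpriv
nfq(v7): live inline multi
afpacket(v5): live inline multi unpriv'

# Read `ldd` output on stdin; print each library the loader cannot resolve.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Read `snort --daq-list` output on stdin; print modules that are live and inline.
inline_daq_modules() {
    awk -F'[(:]' '/^[A-Za-z0-9_]+\(v[0-9]+\):/ {
        caps = $0; sub(/^[^:]*:/, "", caps); caps = " " caps " "
        if (caps ~ / live / && caps ~ / inline /) print $1
    }'
}

# $1 = ldd output, $2 = daq-list output, $3 = DAQ module wanted for IPS mode.
# Returns 0 only if every library resolves and module $3 is inline-capable.
ips_ready() {
    local missing
    missing=$(printf '%s\n' "$1" | missing_libs)
    if [ -n "$missing" ]; then
        echo "unresolved libraries: $missing (re-check the ln -s and ldconfig steps)"
        return 1
    fi
    if ! printf '%s\n' "$2" | inline_daq_modules | grep -qx -- "$3"; then
        echo "DAQ module '$3' missing or not inline-capable (rebuild daq)"
        return 1
    fi
    echo "ok: libraries resolve and DAQ module '$3' supports inline mode"
}

# nfq is an assumed choice of inline module; the page does not name one.
if command -v snort >/dev/null 2>&1; then
    ips_ready "$(ldd "$(command -v snort)")" "$(snort --daq-list 2>&1)" nfq \
        || echo "fix the items above before configuring IPS mode"
else
    echo "snort not in PATH; checking constructed sample output instead"
    ips_ready "$SAMPLE_LDD" "$SAMPLE_DAQ" nfq || echo "sample build is not ready"
fi
```

The constructed ldd sample deliberately contains an unresolved libdnet.1, the failure the ln -s and ldconfig steps exist to prevent.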
VII.