Abstract:

This work starts from the idea of taking the whole Snort rule set and transforming each rule into
traffic, thus testing Snort's alarm generation. The convenience of this method is discussed further on
in this document. The Snort Intrusion Detection System was chosen mainly because it is a free and open
source program. As such, it is very well supported by the open source community, and plenty of
documentation is available. It runs on most platforms, and its configuration is very flexible. It is
in fact one of the most popular network intrusion detection system (NIDS) programs in the industry.
Testing a NIDS, apart from showing its performance, allows for a better understanding of its behavior.
It can be a way of tuning the sensor by modifying its rules and other configuration details. The project
aims at pushing traffic through the Snort sensor, along with some attacks, in order to test its accuracy
and see whether any of the attacks go undetected. This is done by means of several network tools.
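As an added illustration of the rule-to-traffic idea described above (example code written for this edit, not part of the paper or of the Snort project): it parses the `content` matches of a few Snort rules, builds a payload that should trigger each rule, and then checks that payload against a simplified ordered-content matcher. The two sample rules (sids 1000001 and 1000002) are constructed for the example; the matcher only honours `content` and `nocase` and ignores `offset`, `depth`, `distance`, `within` and the many other Snort option keywords, so it demonstrates the principle of the test rather than Snort's full detection engine.

```python
"""Turn Snort rules into payloads that should fire them, then confirm a simple matcher fires."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample rules for illustration; not taken from any real Snort rule set.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"TEST web cmd"; content:"GET "; depth:4; '
    'content:"/cmd.exe"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> any 21 (msg:"TEST ftp user"; content:"USER |41 6e|onymous"; sid:1000002;)',
]

# Rule header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
# One option: key, optional ":value" (quoted values may contain escaped quotes), terminating ';'
OPT_RE = re.compile(r'\s*(?P<key>[\w.]+)(?::\s*(?P<val>"(?:[^"\\]|\\.)*"|[^;]*))?;')


@dataclass
class Content:
    data: bytes
    nocase: bool = False


@dataclass
class Rule:
    proto: str
    dport: str
    sid: str = ''
    msg: str = ''
    contents: List[Content] = field(default_factory=list)


def decode_content(text: str) -> bytes:
    """Decode a Snort content string: |..| sections are hex bytes, backslash escapes a literal."""
    out = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == '|':
            end = text.index('|', i + 1)
            out += bytes.fromhex(text[i + 1:end])  # fromhex ignores whitespace between bytes
            i = end + 1
        elif ch == '\\' and i + 1 < len(text):
            out.append(ord(text[i + 1]))
            i += 2
        else:
            out.append(ord(ch))
            i += 1
    return bytes(out)


def parse_rule(line: str) -> Rule:
    """Parse header and the subset of options this example understands."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f'unparseable rule header: {line!r}')
    rule = Rule(proto=m['proto'], dport=m['dport'])
    for opt in OPT_RE.finditer(m['opts']):
        key, val = opt['key'], opt['val']
        if val is not None and val.startswith('"'):
            val = val[1:-1]
        if key == 'content':
            rule.contents.append(Content(decode_content(val)))
        elif key == 'nocase' and rule.contents:
            rule.contents[-1].nocase = True  # modifier applies to the preceding content
        elif key == 'sid':
            rule.sid = val
        elif key == 'msg':
            rule.msg = val
    return rule


def generate_payload(rule: Rule) -> bytes:
    """Concatenate the contents in rule order; nocase contents are upper-cased to prove case-insensitivity."""
    return b''.join(c.data.upper() if c.nocase else c.data for c in rule.contents)


def matches(rule: Rule, payload: bytes) -> bool:
    """Ordered content search over the payload, the core check a rule-to-traffic test exercises."""
    pos = 0
    for c in rule.contents:
        hay = payload[pos:].lower() if c.nocase else payload[pos:]
        needle = c.data.lower() if c.nocase else c.data
        idx = hay.find(needle)
        if idx < 0:
            return False
        pos += idx + len(needle)
    return True


def run_rules(rules: List[Rule]) -> Dict[str, bool]:
    """Map each sid to whether the rule fires on the traffic generated from it."""
    return {r.sid: matches(r, generate_payload(r)) for r in rules}


if __name__ == '__main__':
    parsed = [parse_rule(r) for r in SAMPLE_RULES]
    for r in parsed:
        print(r.sid, r.msg, generate_payload(r), matches(r, generate_payload(r)))
```

In a real run the generated payload would be placed in a TCP segment to the rule's destination port and replayed past the sensor, and the alert log rather than this toy matcher would be the oracle; rules whose options (flow state, byte tests, PCRE) this generator does not model are exactly the ones where naive rule-to-traffic conversion fails to fire, which is the limitation the paper goes on to discuss.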