Snort assignment | Information Systems homework help


INFA 630–Lab #3

Lab Assignment #3

Our third and final lab assignment builds on the “unacceptable site” detection we worked on in assignment #2. In this lab we will attempt to accomplish the same goal using the new reputation preprocessor in Snort. The documentation on the reputation preprocessor and the available configuration options are in section 2.2.19 (starting on p. 119) of the Snort Manual, which is posted under General Information under Course Content for your reference. The basic function of the reputation preprocessor is similar in many ways to basic firewall operation: the preprocessor evaluates source and destination IP addresses in network packets to see if they appear on either a “whitelist” of approved/acceptable addresses or a “blacklist” of prohibited addresses. Packets containing IP addresses on the blacklist are dropped. The overall intent for this assignment is to block access to the “bad” site you selected for Lab #2 by adding the site to a blacklist and enabling the reputation preprocessor in snort.conf.

To complete this assignment successfully, you will need to first edit the snort.conf file as


• At the end of Step #1, either set the path to the reputation preprocessor file location or comment out these two lines (you can declare the blacklist file directly in the preprocessor configuration settings if you don’t want to use a variable reference).

• At the end of Step #5, configure the reputation preprocessor. Look at the first configuration example on page 119 of the Snort Manual as a guide, which simply includes the preprocessor declaration and the specification of the blacklist and whitelist files. You can run the preprocessor with either or both of these files, so for our purposes you might just specify a blacklist file. The configuration could be as simple as:

“preprocessor reputation: blacklist /etc/snort/black.list”

• Save the snort.conf file.

Now, create a blacklist file and put it in the proper directory (such as /etc/snort/rules on Linux or C:\Snort\etc\rules on Windows). A blacklist file is just a plain text file with one IP address (or address range, using CIDR notation) per line. The blacklist file name and file location should of course match what you specified in the preprocessor configuration in snort.conf. Then start up Snort as you would normally, open a browser, and visit the site corresponding to the IP address(es) in the blacklist file.
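A way to check a blacklist file before starting Snort, as an added example that is not part of the original assignment or of Snort itself: it confirms that each entry parses as an IP address or CIDR range and lists any of the site's addresses that no entry covers. The function names are hypothetical, the sample file and addresses are constructed from the reserved documentation ranges, and lines beginning with `#` are treated as comments.

```python
import ipaddress

def parse_blacklist(text):
    """Return (networks, errors) for a list with one IP or CIDR range per line."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=False accepts 203.0.113.7/24 and normalises it to the /24
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Hostnames and malformed addresses do not belong in the file
            errors.append((lineno, raw.strip()))
    return networks, errors

def uncovered(site_ips, networks):
    """Return the site addresses that no blacklist entry matches."""
    missing = []
    for ip in site_ips:
        addr = ipaddress.ip_address(ip)
        same_family = [n for n in networks if n.version == addr.version]
        if not any(addr in net for net in same_family):
            missing.append(ip)
    return missing

# Constructed sample blacklist: two valid entries, two invalid ones
SAMPLE_BLACKLIST = """\
# black.list (constructed sample)
192.0.2.10
198.51.100.0/24
203.0.113.300
www.example.com
"""

# Constructed sample: addresses a lookup of the site might return
SAMPLE_SITE_IPS = ["192.0.2.10", "192.0.2.11", "198.51.100.77"]

if __name__ == "__main__":
    nets, errs = parse_blacklist(SAMPLE_BLACKLIST)
    for lineno, line in errs:
        print(f"line {lineno}: not an IP address or CIDR range: {line!r}")
    print("site addresses not covered:", uncovered(SAMPLE_SITE_IPS, nets))
```
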

For this assignment, compose a short writeup for submission to your Assignments folder that includes the following:

1. The “unacceptable” site you selected in Lab #2 (you can pick a new one for this assignment if you prefer).

2. The IP address (individual, multiple, or a range) associated with that site. If you don’t know the IP address, you can either open a command shell and ping the site (e.g. “ping”), which will return the primary IP address on screen, or you can look up the site on to find one or more IP addresses used by the site.

3. The contents of the blacklist file the reputation preprocessor references.

4. A brief summary comparing the rule-based and preprocessor-based approaches used in Lab #2 and #3, with an emphasis on identifying any strengths or weaknesses associated with each approach.

5. If you are able to get Snort to run successfully with the reputation preprocessor active, include the output produced (a copy of the ASCII log file is sufficient).

As in Lab Assignment #2, the successful completion of this exercise does not require you to use an actual inappropriate site. The primary purpose of this exercise is not to make you an expert in the reputation preprocessor, but to illustrate the point that there are often multiple viable approaches to accomplishing the same intrusion detection objectives.
