Case Study
January 12, 2023

Snort Assignment

INFA 630 – Lab #3
Lab Assignment #3

Our third and final lab assignment builds on the “unacceptable site” detection we worked on in assignment #2. In this lab we will attempt to accomplish the same goal using the new reputation preprocessor in Snort. The documentation on the reputation preprocessor and the available configuration options are in section 2.2.19 (starting on p. 119) of the Snort Manual, which is posted under General Information under Course Content for your reference. The basic function of the reputation preprocessor is similar in many ways to basic firewall operation: the preprocessor evaluates source and destination IP addresses in network packets to see if they appear on either a “whitelist” of approved/acceptable addresses or a “blacklist” of prohibited addresses. Packets containing IP addresses on the blacklist are dropped. The overall intent for this assignment is to block access to the “bad” site you selected for Lab #2 by adding the site to a blacklist and enabling the reputation preprocessor in snort.conf.

To complete this assignment successfully, you will need to first edit the snort.conf file as follows:

At the end of Step #1, either set the path to the reputation preprocessor file location or comment out these two lines (you can declare the blacklist file directly in the preprocessor configuration settings if you don’t want to use a variable reference).

At the end of Step #5, configure the reputation preprocessor. Look at the first configuration example on page 119 of the Snort Manual as a guide, which simply includes the preprocessor declaration and the specification of the blacklist and whitelist files. You can run the preprocessor with either or both of these files, so for our purposes you might just specify a blacklist file. The configuration could be as simple as:

preprocessor reputation: blacklist /etc/snort/black.list

Save the snort.conf file.

Now, create a blacklist file and put it in the proper directory (such as /etc/snort/rules on Linux or C:\Snort\etc\rules on Windows). A blacklist file is just a plain text file with one IP address (or address range, using CIDR notation) per line. The blacklist file name and file location should of course match what you specified in the preprocessor configuration in snort.conf. Then start up Snort as you would normally, open a browser, and visit the site corresponding to the IP address(es) in the blacklist file.

For this assignment, compose a short writeup for submission to your Assignments folder that includes the following:

1. The “unacceptable” site you selected in Lab #2 (you can pick a new one for this assignment if you prefer).
2. The IP address (individual, multiple, or a range) associated with that site. If you don’t know the IP address, you can either open a command shell and ping the site (e.g. “ping www.facebook.com”), which will return the primary IP address on screen, or you can look up the site on Netcraft.com (http://www.netcraft.com/) to find one or more IP addresses used by the site.
3. The contents of the blacklist file the reputation preprocessor references.
4. A brief summary comparing the rule-based and preprocessor-based approaches used in Lab #2 and #3, with an emphasis on identifying any strengths or weaknesses associated with each approach.
5. If you are able to get Snort to run successfully with the reputation preprocessor active, include the output produced (a copy of the ASCII log file is sufficient).

As in Lab Assignment #2, the successful completion of this exercise does not require you to use an actual inappropriate site. The primary purpose of this exercise is not to make you an expert in the reputation preprocessor, but to illustrate the point that there are often multiple viable approaches to accomplishing the same intrusion detection objectives.
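As an added illustration (not part of the assignment and not Snort's own code), the following Python models the list-file format and the source/destination check described above: it parses a Snort-style blacklist and whitelist (one IP or CIDR per line, "#" comments skipped) and returns a pass/drop verdict for a packet. The addresses are constructed RFC 5737 documentation ranges, and the whitelist-wins-by-default priority handling is an assumption that simplifies what the preprocessor does.

```python
import ipaddress
from typing import List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample list files in the lab's format: one IP or CIDR per line.
# These are RFC 5737 documentation ranges, not a real site's addresses.
BLACK_LIST = """\
# black.list (constructed example)
203.0.113.10        # single host
198.51.100.0/24     # whole range in CIDR notation
"""
WHITE_LIST = """\
# white.list (constructed example)
198.51.100.42       # one host inside the blacklisted range
"""


def parse_list(text: str) -> List[Net]:
    """Parse a Snort-style list file; blank lines and '#' comments are skipped.
    A malformed entry raises ValueError, so a typo in black.list is caught
    here before you start Snort against it."""
    nets: List[Net] = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def listed(addr: str, nets: List[Net]) -> bool:
    """True if addr falls inside any network on the list (v4/v6 never cross-match)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def verdict(src: str, dst: str, blacklist: List[Net], whitelist: List[Net],
            priority: str = "whitelist") -> str:
    """Simplified model of the preprocessor: both source and destination are
    checked, and 'priority' decides which list wins when an address is on
    both (assumption: the whitelist wins by default)."""
    on_black = listed(src, blacklist) or listed(dst, blacklist)
    on_white = listed(src, whitelist) or listed(dst, whitelist)
    if priority == "whitelist":
        return "pass" if on_white or not on_black else "drop"
    return "drop" if on_black else "pass"


if __name__ == "__main__":
    bl, wl = parse_list(BLACK_LIST), parse_list(WHITE_LIST)
    for s, d in [("192.0.2.1", "203.0.113.10"), ("192.0.2.1", "198.51.100.42")]:
        print(f"{s} -> {d}: {verdict(s, d, bl, wl)}")
```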

 