Use of software network tools for testing of the Snort NIDS
Tutor / director / evaluator: Dojen, Reiner
Document type: Master thesis (pre-Bologna period)
Rights access: Restricted access - author's decision
This work starts from the idea of taking the whole Snort rule set and transforming each rule into traffic, thus testing Snort's alarm generation. The convenience of this method is discussed later in this document. The Snort Intrusion Detection System was chosen mainly because it is a free and open source program. As such, it is very well supported by the open source community, and plenty of documentation is available. It can run on most platforms, and its configuration is very flexible. It is in fact one of the most popular network intrusion detection system (NIDS) programs in the industry. Testing a NIDS, apart from showing its performance, allows for a better understanding of its behavior. It can be a way of tuning the sensor by modifying its rules and other configuration details. The project aims at pushing traffic through the Snort sensor, along with some attacks, in order to test its accuracy and see whether any of the attacks go undetected. This is done by means of several network tools.
Project carried out in collaboration with University of Limerick