Vaishnavrm777/CodeAlpha_NetworkBasedIDS

Network-Based Intrusion Detection System

Network-based intrusion detection system using Snort. A project for the CodeAlpha internship.

🛠 Requirements

  • VirtualBox
  • Kali Linux OS
  • Ubuntu Server (latest version)
  • Active internet connection
  • Snort installation
  • Nmap for scanning the server's IP address

📥 Initial Installations

1️⃣ First, install VirtualBox

2️⃣ Import Kali Linux

3️⃣ Download Ubuntu server .iso file from its main website:

4️⃣ Import the .iso file into VirtualBox and run the new instance

Quick reminder: before running the server, change its network setting to Bridged Adapter and set Promiscuous Mode to 'Allow All' (do the same for Kali Linux).


Snort Installation

1️⃣ Identify your IP address:

ifconfig

Note the interface name, e.g. wlan0 or enp0s3.

screenshot: IP-Address

2️⃣ In the Ubuntu instance, update the system packages:

sudo apt update && sudo apt upgrade -y

3️⃣ Install Snort:

sudo apt install snort

During installation you are prompted for the local network range. Enter your network's range in CIDR notation, for example 192.168.xx.0/24

4️⃣ Verify Snort installation:

snort -V

screenshot: snort-version


βš™οΈ Configuration

1️⃣ You can add/change rules for detection by(This step is not mandatory as snort comes with many set of rules):

sudo nano /etc/snort/rules/local.rules

We only need to add new rules for additional security and protective measures as there are plenty of built-in rules for snort. screenshot: snort-rules

2️⃣ Ensure the configuration file is present:

sudo nano /etc/snort/snort.conf

screenshot: conf-file


πŸƒβ€β™‚οΈβ€βž‘οΈ Running Snort IDS

1️⃣ First, test that snort.conf loads without errors:

sudo snort -T -c /etc/snort/snort.conf -i enp0s3

screenshot: snort-success

2️⃣ Next, run the Snort IDS in alert mode:

sudo snort -A console -c /etc/snort/snort.conf -i enp0s3

screenshot: IDS-alert

3️⃣ Back in Kali, open a terminal and scan the server at the IP address identified earlier:

nmap -Pn 192.168.x.x

screenshot: Nmap-scan

4️⃣ Next, send a ping request:

ping 192.168.x.x

screenshot: Ping-request

In the Ubuntu server instance, the Snort console shows alerts for the scan and the ping.


πŸ“ Logging Alerts

1️⃣ Run Snort with logging enabled:

sudo snort -A console -c /etc/snort/snort.conf -i enp0s3 -l /var/log/snort

2️⃣ View alerts:

sudo cat /var/log/snort/snort.alert.fast

screenshot: log-alerts

📊 Example Alerts

  • Scan UPnP service discover attempt
  • ICMP Ping Detected
  • Suspicious TCP connection attempts

screenshot: example-alerts
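
To triage the logged alerts instead of reading them with cat, the following added example (not part of this repository) parses fast-format alert lines, counts alerts per source and message, and flags any source that hit several distinct destination ports, which is what the Nmap step produces. It assumes the Snort 2 fast alert layout and IPv4 addresses; the function names are hypothetical, and the sample lines, SIDs and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed layout: ts [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(endpoint):
    """Split IPv4 'addr:port' into (addr, port); ICMP endpoints carry no port."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit() and "." in host:
        return host, int(port)
    return endpoint, None

def parse_alert(line):
    """Return a dict for one alert line, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["src_ip"], alert["src_port"] = split_endpoint(alert.pop("src"))
    alert["dst_ip"], alert["dst_port"] = split_endpoint(alert.pop("dst"))
    return alert

def summarize(lines, min_ports=3):
    """Count alerts per (source, message); list sources that probed >= min_ports ports."""
    counts, ports = Counter(), defaultdict(set)
    for alert in filter(None, map(parse_alert, lines)):
        counts[(alert["src_ip"], alert["msg"])] += 1
        if alert["dst_port"] is not None:
            ports[alert["src_ip"]].add(alert["dst_port"])
    scanners = sorted(ip for ip, seen in ports.items() if len(seen) >= min_ports)
    return counts, scanners

# Constructed sample lines: addresses, SIDs and timestamps are made up for this example.
SAMPLE = """\
08/28-10:15:01.100001  [**] [1:1000001:1] ICMP Ping Detected [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.20
08/28-10:15:07.200002  [**] [1:1000002:1] Suspicious TCP connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40112 -> 192.168.1.20:22
08/28-10:15:07.200450  [**] [1:1000002:1] Suspicious TCP connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40113 -> 192.168.1.20:80
08/28-10:15:07.200910  [**] [1:1000002:1] Suspicious TCP connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:40114 -> 192.168.1.20:443
""".splitlines()

if __name__ == "__main__":
    counts, scanners = summarize(SAMPLE)
    print(counts.most_common(), "possible scan from:", scanners)
```

To run it against a real log, pass the lines of the alert file to summarize() in place of SAMPLE.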
