Network Security

Question 3

Assuming there is a Nessus attack taking place.
What actions can be taken by using Snort?

Snort is a detection mechanism only. Somebody has to act on the alerts Snort raises. That being said, Snort can be used to detect the telltale activity of Nessus: a large number of attempts to connect to each and every port - often several times as Nessus tries to discover the potential flaws. When detecting this kind of activity, one can subsequently block traffic from the attacking computers at eg the firewall and the individual host machines on the network.