02233

Netværkssikkerhed
Network Security

• Introduktion
• Nessus Scan
• Nessus Questions
• Snort Questions
  • Question 1
  • Question 2
  • Question 3
  • Question 4
  • Question 5
  • Question 6
  • Question 7
  • Question 8
  • Question 9
  • Question 10
  • Question 11
  • Question 12
  • Question 13
  • Question 14
  • Question 15
  • Question 16
  • Question 17
  • Question 18
• References

Question 3

Assuming there is a Nessus attack taking place.
What actions can be taken by using Snort?

Snort is a detection mechanism only. Somebody has to act on the alerts Snort raises. That being said, Snort can be used to detect the telltale activity of Nessus: a large number of attempts to connect to each and every port - often several times as Nessus tries to discover the potential flaws. When detecting this kind of activity, one can subsequently block traffic from the attacking computers at eg the firewall and the individual host machines on the network.

Bjarne D Mathiesen

Michael Pantridge

Thabet Al-Assdi

Chang Jensen