SIT182 – Real World Practices for Cyber Security
Pass Task 7.1P: Snort IDS – Interpret User-Defined Rules
Overview of the task
In this task you will learn about Snort IDS rules. You will need to answer the questions listed in the Task Details section of this document.
Due Date: 14 May 11:59 PM. End Date: 21 May 11:59 PM.
Task Details
The best resource to learn about Snort IDS is the manual and the other documentation available on Snort’s website: https://www.snort.org/documents. The recommended one for this task is “Snort Users Manual”, but feel free to browse and share other resources that you find useful on Discussions. For instance, https://paginas.fe.up.pt/~mgi98020/pgr/writing_snort_rules.htm appears to be a good one too.
The questions that you need to answer for this task are listed below. Please include the question number in your answer sheet document. It is a very good idea to use this task to learn how to interpret Snort rules, given that there will be questions related to Snort rules in the final exam (up to the level covered in this Pass-level task and structured very similarly to what you see in this task).
Question 1: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
T1 2020
Deakin University, Australia.
Question 2: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 3: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 4: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 5: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 6: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 7: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 8: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 9: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 10: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 11: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
Question 12: Consider the following Snort rule:
1. What type of connection is this rule applied to?
2. What traffic is monitored? (include source, destination, ports, and directions)
3. Are there any additional requirements or characteristics in the traffic that the rule looks for?
4. What happens when the rule is matched?
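The four questions above map directly onto the general form of a Snort rule: the header (action, protocol, source, source port, direction, destination, destination port) answers questions 1, 2 and 4, and the option list in parentheses answers question 3. The following Python script is an added example, not part of this task sheet or of Snort itself; it parses a rule in that general form and prints the four answers. The rules it is run on are constructed for illustration and are not the rules from the task.

```python
"""Parse a Snort 2 rule and answer the four task questions.

Added example for illustration only; the sample rules below are
constructed and are NOT the rules from the task.
"""
import re
from dataclasses import dataclass, field

# General form:  action protocol src src_port direction dst dst_port (options)
HEADER_RE = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$",
    re.S,
)

# Options that describe the alert itself rather than what is inspected.
# Everything else is treated as a match condition (question 3).
META_KEYWORDS = {"msg", "sid", "rev", "gid", "classtype", "priority",
                 "reference", "metadata"}


@dataclass
class SnortRule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: list = field(default_factory=list)  # [(keyword, value or None)]


def split_options(text):
    """Split the option body on ';' while respecting quotes and '\\;'."""
    opts, buf, quoted, i = [], "", False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):      # keep escaped characters verbatim
            buf += ch + text[i + 1]
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append(buf.strip())
            buf = ""
        else:
            buf += ch
        i += 1
    if buf.strip():
        opts.append(buf.strip())
    parsed = []
    for o in opts:
        if ":" in o:                               # keyword:value
            k, v = o.split(":", 1)
            parsed.append((k.strip(), v.strip()))
        else:                                      # bare keyword, e.g. nocase
            parsed.append((o, None))
    return parsed


def parse_rule(rule):
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError("not a well-formed Snort rule: " + rule)
    return SnortRule(m["action"], m["proto"], m["src"], m["sport"], m["dir"],
                     m["dst"], m["dport"], split_options(m["opts"]))


def describe(rule):
    """Return the answers to the four task questions as a dict."""
    r = parse_rule(rule)
    if r.direction == "->":
        traffic = f"{r.proto} from {r.src}:{r.sport} to {r.dst}:{r.dport} (one direction)"
    else:
        traffic = f"{r.proto} between {r.src}:{r.sport} and {r.dst}:{r.dport} (both directions)"
    conditions = [k if v is None else f"{k}:{v}"
                  for k, v in r.options if k not in META_KEYWORDS]
    msg = next((v for k, v in r.options if k == "msg"), None)
    return {
        "connection_type": r.proto,                       # question 1
        "traffic": traffic,                               # question 2
        "conditions": conditions,                         # question 3
        "on_match": r.action + (f" with message {msg}" if msg else ""),  # question 4
    }


# Constructed sample rules (not the task's rules).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection attempt"; flags:S; sid:1000001; rev:1;)',
    'log udp any any <> 192.168.1.0/24 53 (msg:"DNS traffic"; sid:1000002;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for q, a in describe(rule).items():
            print(f"{q}: {a}")
        print()
```

Running the script prints, for each constructed rule, the protocol, the monitored traffic with ports and direction, the list of match conditions (empty when the rule has only header constraints), and the action taken with its message. The `<>` direction is reported as bidirectional, which is the distinction question 2 asks you to state.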
Submission Details
Convert your document to PDF and upload it on OnTrack. There is no specific resource for this task. All you need to do is include answers to the questions in this task.
Use Discussions > Task 7.1P to discuss and seek help from each other and the teaching team. You are welcome to share interesting references that you find about this task on the forum. You may not share answers to the questions on the forum.
PLEASE DO NOT use OnTrack comment section to seek help. That’s for Q&A about the tasks and is used for assessment purposes only.
Also, please note:
– If you start working on the weekly tasks of this unit the night before, you will not be able to complete them. The consequence of failing a PASS-level task in this unit is ineligibility to PASS this unit.
– Generally, extension requests sent on the last day of submission are immediately rejected – unless there are special circumstances justifying this. As per Deakin’s policy you must make contact 3 days earlier to be granted any extension: https://www.deakin.edu.au/students/faculties/sebe/assignment-extensions. If you need an extension, email the unit chair with supporting documentation.
– If you wish to achieve Pass, you do not need to attempt the credit task released for Week 7 on OnTrack. Watch Help Videos under Resources on Unit Site for clarification about Target grade in this unit.
——-
Document version:
Version 2 – Current as of 29 April 2020.