Using Snort to Detect a Brute Force Hydra Attack
pfSense is a FreeBSD-based router/firewall that can be extended with plugin packages. One of these is Snort, an IDS/IPS module that can be used to defend the network behind the router from malicious behaviour.
Snort monitors the traffic passing through the router and tries to match behavioural patterns and signatures against a set of rules that the admin configures. The admin can use commercial rulesets produced by various companies, but these must be paid for; alternatively they can use the community ruleset, which is contributed to by the Snort community. It is not the most robust or finely tuned ruleset, but it is free to use.
Admins can also configure custom rules if the ruleset they are employing does not alert the security team to certain attacks.
The community ruleset is still rather large, with over 1200 individual rules designed to detect malicious behaviour.
You will conduct a dictionary attack against the DVWA instance on Metasploitable using Hydra and Burp Suite from Kali Linux, and attempt to detect it on the router using Snort with the community ruleset. You will then assess whether this ruleset catches the attack and create a custom rule if required.
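As an added example (not part of the lab text or the pfSense project), here is the kind of custom rule the final step asks for, written in Snort 2.9 rule syntax as used by the pfSense Snort package; the DVWA login path, form field names, the 20-attempts-per-minute threshold and the SID are assumptions chosen for illustration.

```snort
# Constructed example rules for a local.rules file (Snort 2.9 syntax, http_inspect preprocessor enabled).
# Assumed: DVWA on Metasploitable is served at /dvwa/login.php and its login form posts
# "username=" and "password=" fields; the SID 1000001+ range is the conventional local-rule range.

# Rule 1 (too noisy): fires on every single login POST, so a legitimate user logging in once
# raises the same alert as a dictionary attack. Useful only to confirm the traffic is visible.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"LOCAL DVWA login POST seen"; \
    flow:to_server,established; \
    content:"POST"; http_method; \
    content:"/dvwa/login.php"; http_uri; nocase; \
    content:"username="; http_client_body; \
    content:"password="; http_client_body; \
    classtype:web-application-activity; sid:1000001; rev:1;)

# Rule 2 (preferred): same match, but detection_filter only lets the alert fire once a single
# source has sent more than 20 login POSTs within 60 seconds, which is the signature of a
# Hydra-style dictionary attack rather than a user mistyping a password. track by_src keeps
# one counter per client IP; tune count/seconds to the site's normal login rate.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"LOCAL DVWA login brute force - 20+ POSTs/min from one source"; \
    flow:to_server,established; \
    content:"POST"; http_method; \
    content:"/dvwa/login.php"; http_uri; nocase; \
    content:"username="; http_client_body; \
    content:"password="; http_client_body; \
    detection_filter:track by_src, count 20, seconds 60; \
    classtype:attempted-user; sid:1000002; rev:1;)
```

In pfSense, add the rules under the interface's Snort settings as custom rules, restart the interface's Snort instance, and check the Alerts tab; if Snort 3 is in use, the content modifiers above become sticky buffers (e.g. `http_uri; content:"/dvwa/login.php";`).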
This lab is part of a series on cyber network security.
Upon completion of this lab you will be able to:
Demonstrate to delegates how Snort, its community rule set and custom rules can be used to detect malicious behaviour on a network guarded by a pfSense router/IDS
This lab is intended for:
- Cyber and network security specialists
You should possess:
- A basic understanding of Windows operating system environments
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.