
Nmap Scan Detection & Rules Set-Up – IDS SNORT in Ubuntu OS – Intrusion Detection System


NMAP SCAN DETECTION

Some people believe that detecting port scans is a waste of time. Scans are so common that any organization connected to the Internet will be scanned regularly, and very few of them represent targeted attacks. Many are Internet worms endlessly pounding away in search of some Windows vulnerability or other. Some scans come from Internet research projects, others from curious or bored individuals exploring the Internet. The biggest threat is attackers specifically targeting the organization, though those represent such a small percentage of detected scans that they are extremely tough to distinguish. As a result, many administrators do not even bother recording port scans.

Nmap is a network mapper that has emerged as one of the most popular, free network discovery tools on the market. Nmap is now one of the core tools used by network administrators to map their networks. The program can be used to find live hosts on a network, perform port scanning, ping sweeps, OS detection, and version detection.

Testing Snort against various Nmap scans

STEP 1: # cd /etc/snort/rules

# ls

STEP 2: # echo " " > tcpscan.rules

STEP 3: # nano tcpscan.rules

 


STEP 4: To connect to the target network, an attacker may start with network enumeration over either TCP or UDP. Let's assume the attacker chooses TCP scanning; in that situation we can add the following rule to the Snort local rule file.

alert tcp any any -> 172.16.178.143 any (msg:"NMAP scan detected!"; sid:10000005; rev:2;)    [A message will be displayed if anyone tries to scan our system]

STEP 5: Turn on the IDS mode of Snort by executing the command below in a terminal:

# snort -A console -q -u snort -c /etc/snort/rules/tcpscan.rules -i ens33

STEP 6: Now, from the attacker machine (Kali), execute the command below for a TCP scan:

# nmap 172.16.178.143

As soon as the command starts in Kali, we will see multiple "NMAP scan detected" messages warning us on the Ubuntu system.
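The rule in STEP 4 fires on every TCP packet sent to 172.16.178.143, so an ordinary connection raises the same alert as a scan. The following added example (not part of the original tutorial) post-processes `snort -A console` output and reports only the sources that touched many distinct destination ports within a short window. The source addresses, timestamps, thresholds and function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches a `snort -A console` alert line produced by the page's rule (sid 10000005).
ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[1:10000005:\d+\] .*?"
    r"\{TCP\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def fake_alert(sec, src, sport, dport):
    """Build one constructed console alert line (sample data, not captured traffic)."""
    return (f"05/14-10:15:{sec:02d}.000000  [**] [1:10000005:2] NMAP scan detected! [**] "
            f"[Priority: 0] {{TCP}} {src}:{sport} -> 172.16.178.143:{dport}")

# Constructed scanner: hypothetical host 172.16.178.130 probes ports 1-40 in about 2 s.
SAMPLE = [fake_alert(1 + p // 20, "172.16.178.130", 40000 + p, p) for p in range(1, 41)]
# Constructed normal client: hypothetical host 172.16.178.1 talks only to port 80.
SAMPLE += [fake_alert(s, "172.16.178.1", 51000 + s, 80) for s in range(0, 30)]

def likely_scanners(lines, min_ports=15, window=timedelta(seconds=5)):
    """Return {src: most distinct dst ports seen in any window} for src >= min_ports."""
    hits = defaultdict(list)                      # src -> [(time, dport), ...]
    for line in lines:
        m = ALERT.match(line.strip())
        if not m:
            continue                              # other sids, non-TCP, or noise
        ts = datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f")
        hits[m["src"]].append((ts, int(m["dport"])))
    result = {}
    for src, events in hits.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):            # sliding time window per source
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in events[start:end + 1]}))
        if best >= min_ports:
            result[src] = best
    return result

if __name__ == "__main__":
    print(likely_scanners(SAMPLE))
```

The web client generates 30 alerts but only ever reaches one port, so it is not reported; the scanning host is reported with its distinct-port count.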

 
