[Snort-sigs] 4th year student trying to use snort in their project

wkitty42 at windstream.net wkitty42 at windstream.net
Fri Mar 9 11:25:26 EST 2018


On 03/09/2018 05:08 AM, Shane Corridon via Snort-sigs wrote:
> Hi All,
> 
> I am a 4th year I.T Management student in Cork Institute of Technology. I am 
> currently working on my Final year project. I am building an automated open 
> source software analyser and vulnerability detector. I wish to use snort to 
> analyse open source software that is downloaded from the web by users. I am 
> unsure how to use snort to analyse software downloads without installing them 
> on the machine.


snort is a packet-level network traffic sniffer... it sniffs the traffic on your 
network (eg: perimeter firewall WAN<->LAN pipe) and analyses it for matches to 
the rules you have selected for use...

there are other similar tools which will extract a file while it is being 
downloaded... they extract the file right out of the data stream and save it for 
later analysis... the destination device/operator won't even know about the 
extraction because it is just a copy of the data making up the file...

additionally, there are tools which will save the raw network traffic stream for 
close inspection at a later time if needed (eg: tcpdump, wireshark, etc)... some 
of these tools can be used for analysis of pcap files... some of the extractors 
can also perform the extraction of a file from a pcap file...

so, in your case, you would be sniffing the file *while it is in-transit* to the 
user's device from the source server on the WAN... a malware detector (virus, 
trojan, etc) should still be used on individual devices to protect against 
something that might make it through as well as from lateral movement attempts 
from other devices on the local network...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
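The reply's point about pulling a downloaded file back out of a packet capture, shown as an added example that is not the post author's code and not part of Snort or any of the extractor tools it mentions: a small pure-stdlib Python reassembler that reads a pcap, rebuilds each TCP direction by sequence number, finds HTTP responses, cuts the body at Content-Length and hashes it for later analysis. Everything in it is constructed for the demonstration, including the `sample_pcap()` capture, the 10.0.0.5 / 203.0.113.10 addresses, the `/tools/setup.sh` path and the file content; the segments are deliberately delivered out of order with one retransmission so the reassembly step has something to do.

```python
"""Extract an HTTP-downloaded file from a pcap with the standard library only (added example)."""
import hashlib
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # little-endian libpcap file, microsecond timestamps
ETH_IPV4 = 0x0800
IP_PROTO_TCP = 6
PSH_ACK = 0x18


def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))


def _packet(src, dst, sport, dport, seq, ack, flags, payload):
    """Build one Ethernet/IPv4/TCP frame; checksums are left zero (constructed data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, IP_PROTO_TCP, 0, _ip(src), _ip(dst))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETH_IPV4)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap raw frames in a libpcap global header and per-record headers."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1500000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def tcp_segments(pcap):
    """Yield ((src, sport, dst, dport), seq, payload) for every TCP segment in the file."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl]
        off += incl
        if struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4 or frame[23] != IP_PROTO_TCP:
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        t = 14 + ihl
        sport, dport, seq = struct.unpack_from("!HHI", frame, t)
        doff = (frame[t + 12] >> 4) * 4
        yield (frame[26:30], sport, frame[30:34], dport), seq, frame[t + doff:14 + total_len]


def reassemble(pcap):
    """Rebuild each direction of each flow; duplicates are dropped, a gap ends the stream."""
    flows = defaultdict(dict)
    for key, seq, payload in tcp_segments(pcap):
        if payload:
            flows[key].setdefault(seq, payload)   # first copy wins, retransmissions ignored
    streams = {}
    for key, segs in flows.items():
        seq, buf = min(segs), bytearray()
        while seq in segs:                        # walk contiguous sequence space only
            buf += segs[seq]
            seq += len(segs[seq])
        streams[key] = bytes(buf)
    return streams


def extract_downloads(pcap):
    """Return the complete HTTP response bodies in the capture, with path, size and SHA-256."""
    streams = reassemble(pcap)
    files = []
    for (src, sport, dst, dport), data in streams.items():
        if not data.startswith(b"HTTP/1."):
            continue
        head, sep, body = data.partition(b"\r\n\r\n")
        if not sep:
            continue
        headers = {}
        for line in head.split(b"\r\n")[1:]:
            k, _, v = line.partition(b":")
            headers[k.strip().lower()] = v.strip()
        length = int(headers.get(b"content-length", len(body)))
        if len(body) < length:
            continue                              # truncated transfer: not a complete file
        body = body[:length]
        req = streams.get((dst, dport, src, sport), b"")   # client's request, reverse direction
        path = req.split(b" ")[1].decode(errors="replace") if req.startswith(b"GET ") else "unknown"
        files.append({"url_path": path, "size": len(body),
                      "sha256": hashlib.sha256(body).hexdigest(), "content": body})
    return files


def sample_pcap():
    """Constructed capture: one GET and a three-segment response, out of order plus one duplicate."""
    client, server = "10.0.0.5", "203.0.113.10"
    request = b"GET /tools/setup.sh HTTP/1.1\r\nHost: example.test\r\n\r\n"
    body = b"#!/bin/sh\necho 'constructed sample payload, nothing malicious'\n"
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: application/x-sh\r\n"
                b"Content-Length: %d\r\n\r\n" % len(body)) + body
    frames = [_packet(client, server, 40000, 80, 1000, 5000, PSH_ACK, request)]
    parts, seqs = [response[:20], response[20:50], response[50:]], [5000, 5020, 5050]
    for i in (1, 0, 2, 0):                        # delivery order: second, first, third, first again
        frames.append(_packet(server, client, 80, 40000, seqs[i], 1000 + len(request), PSH_ACK, parts[i]))
    return build_pcap(frames)


if __name__ == "__main__":
    for f in extract_downloads(sample_pcap()):
        print(f["url_path"], f["size"], f["sha256"])
```

Reading a real capture is `extract_downloads(open("capture.pcap", "rb").read())`; the same sequence-number walk is what lets an extractor make a faithful copy of the file without the receiving host noticing anything, as the reply describes. The reassembler stops at the first gap and refuses bodies shorter than Content-Length, so a partial transfer never gets handed to the analyser as if it were the whole file; pcapng input, IPv6, chunked encoding and TLS are outside what this small example handles.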

