入侵檢測(cè)試驗(yàn)報(bào)告_第1頁(yè)
入侵檢測(cè)試驗(yàn)報(bào)告_第2頁(yè)
入侵檢測(cè)試驗(yàn)報(bào)告_第3頁(yè)
入侵檢測(cè)試驗(yàn)報(bào)告_第4頁(yè)
入侵檢測(cè)試驗(yàn)報(bào)告_第5頁(yè)
已閱讀5頁(yè),還剩8頁(yè)未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

1、入侵檢測(cè)實(shí)驗(yàn)報(bào)告一實(shí)驗(yàn)環(huán)境搭建1安裝winpcap(有時(shí)會(huì)提示重啟計(jì)算機(jī)。)使網(wǎng)卡處于混雜模式,按向?qū)崾就瓿杉纯赡軌蜃ト?shù)據(jù)包。2安裝snort采用默認(rèn)安裝完成即可安裝完成使用下列命令行驗(yàn)證是否成功表)C:SnortbinAsnort.exe-W(也可以看到所有網(wǎng)卡的Interface列LibnetHT網(wǎng)上部居叵取站SnurtXbin<»R>208712012005-10-052003-12-03SnortTejan73,72894.208DescriptIon-*>Snopt*Uersion2.DyMartinh±n的目錄SSnort、Jbin>

2、3rort.cxcxDeuiceNPF_Qenei*1cDlalupAdajpter(GenericdialupadaptersDcviceSNPF<ft015172E-8E34-4ft3F-B58D-5DD30E7ADE47)<UHwa«Acceleratedftdaptcr>Explorer千一(323.1日4句角字節(jié)-IfllX|<.90蹲VTlXJOf時(shí)全提示苻3Tin*snort看到那個(gè)狂奔的小豬了嗎?看到了,就表示snort安裝成功3安裝和設(shè)置mysql設(shè)置數(shù)據(jù)庫(kù)實(shí)例流程:lySQLServerInstanceConfigurationYizard

3、MySQLServerInstanceConfigurationConfiguretheMySQLServer5.0serverinstance.Fleaseselectaservertype.ThiswillinfluencememorydiskandCPJusage.CDeveloperMachineThisisadevelopmentmachine,andmanyotherapplicationswillberunonit.MySQLServershouldonlyuseaminimalamountofmemory.GServerMachineSeveralserverapplicati

4、onswillberunningonthisrrachine.Choosethisoptionforweb/applicationservers.MySQLwilllavemediummemoryusage.CDedicatedMySQLServerMachineThismachineisdedicatedtoruntheMySQLDatabaseServer.Nootherservers,suchasawebormailserver;willberun.MySQLwill一義,utilizeuptoallavailablememory.<Back|Next>|CancelySQL

5、ServerInstanceConfigurationYizardMySQLServerInstanceConfigurationConfiguretheMySQLServer5.0serverinstance.Fleaseselectthedatabaseusage.f*MultifunctionalDatabaseGeneralpurposedatabases.ThiswilloptimizetheserverfortheuseofthefasttransactionalInnoDBstorageengineandthehighspeedMylSAMstorageengine.Transa

6、ctionalDatabaseOnlyOptimizedforapplicationserversandtransactionalwebapplications.ThiswillmakeInnoDBthemainstorageengine.NotethattheMylSAMenginecanstillbeused.CNon-TransactionalDatabaseOnlyjSuitedforsimplewebapplications,monitoringorloggingapplicationsJ/aswellasanalysisprograms.Onlythenon-transac:ion

7、alMylSAMstorageenginewillbeactivated.<Back|Next>CancelI7SQLServerInstanceConfigurationYizardMySQLServerInstanceConfigurationConfiguretheMySQLServer5.0serverinstance.Fleasesetthenetworkingoptions.7EnableTCP/IPNetworkingEnablethistoallowTCP/IPconnections.Whendisabled,onlylocal能;jconnectionsthrou

8、ghnamedpipesareallowed.PortNumber:3306ZJFleasesettheserverSQLmode.7EnableStrictModeThisoptionforcestheservertobehavemorelikeatraditionaldatabaseserver.Risrecommendedtoenablethisoption.<BackNext>CancelySQLServerInstanceConfigurationYizardMySQLServerInstanceConfigurationConfiguretheMySQLServer5.

9、0serverinstance.Fleaseselectthedefaultcharacterset.CStandardCharacterSetMakesLatin1thedefaultcharset.ThischaractersetissuitedforEnglishandotherWestEuropeanlanguages.6BestSupportForMultilingualismMakeUTF8thedefaultcharacterset.Thisisthere:ommendedcharactersetforstoringtextinmanydifferentlanguages.CMa

10、nualSelectedDefaultCharacterSet/CollationPleasespecifythecharactersettouse.CharacterSet:|utf8f<Back|Next>|CancellySQLServerInstanceConfigurationYizardMySQLServerInstanceConfigurationConfiguretheMySQLServer5.0serverinstance.FleasesettheWindowsoptions.pInstallAsWindowsServiceThisistherecommended

11、waytoruntheMySQLserveronWindows.ServiceName:|MySQL5pLaunchtheMySQLServerajtomatically|7IncludeBinDirectoryinWindowsPATHmu>.Checkthisoptiontoincludethedirectorycontainingtheserver/clientexecutablesintheWindowsPATHvariablesotheycanbecalledfromthecommandline.<BackINext>Cancel建立snort運(yùn)行必須的snort庫(kù)

12、和snort_archive庫(kù)C:ProgramFilesMySQLMySQLServer5.0bin>mysql-uroot-pEnterpassword:(你安裝時(shí)設(shè)定的密碼,這里使用mysql這個(gè)密碼)mysql>createdatabasesnort;mysql>createdatabasesnort_archive;使用C:Snortschemas目錄下的create_mysql腳本建立Snort運(yùn)行必須的數(shù)據(jù)表c:mysqlbinmysql-Dsnort-uroot-p<snortschemascreate_mysqlc:mysqlbinmysql-Dsno

13、rt_archive-uroot-pp命令進(jìn)入snort數(shù)據(jù)庫(kù)后,使用showsnortschemascreate_mysql附:使用mysql-Dsnort-uroottables命令可以查看已創(chuàng)建的表建立acid和snort用戶,在root用戶下建立mysql>grantusageon*.*to"acid""localhost"identifiedby"acidtest"mysql>grantusageon*.*to"snort""localhost"identifiedby&q

14、uot;snorttest"為acid用戶和snort用戶分配相關(guān)權(quán)限mysql>grantselect,insert,update,delete,create,alteronsnort.*to"snort""localhost"mysql>grantselect,insert,update,delete,create,alteronsnort.*to"acid""localhost"mysql>grantselect,insert,update,delete,create,altero

15、nsnort_archive.*to"acid""localhost"mysql>grantselect,insert,update,delete,create,alteronsnort_archive.*to"snort""localhost"4測(cè)試snort啟動(dòng)snortc:snortbin>snort-c"c:snortetcsnort.conf"-l"c:snortlogs"-i2-d5安裝虛擬機(jī)安裝成功如下設(shè)置虛擬機(jī)內(nèi)IP為192,168.10.3主機(jī)I

16、P為192,168.10.2Ping通表示虛擬機(jī)和主機(jī)能夠正常通信配置病毒以任我行病毒為例打開netsys輸入虛擬機(jī)IP配置服務(wù)端,生成服務(wù)端后放置到虛擬機(jī)中,運(yùn)行服務(wù)端通過(guò)即可客戶端控制虛擬機(jī)三通過(guò)wireshark抓包分析特征tMU&HLMiluit1.明£tIsnur<m1MlijnttftiHiifilpNoTmffScKPnztlertgS-Fr*c1a.OOQQWL31STTM7W72UZEIZl,(M科:,513匚1屯§eq-lAck-1Mln-靠期152Ltn-S270,008aMi1Q7.1AR.IG.J1«3!.I&B.1

17、0.1TB111laijg>vmJk-prap-iPA.£«h?"LMk-,Mwi1113133L20yO.D11S23I&ICH.IK.2710-1W.1&?mw弓92rtaeq*>-THiszmus-S<00>m"FkIpr叩4>(>SKq<K4CLOWa.*431a.i111ULW197IBB.101TCP£eq-%4*kYQrf1rJ63FLen-145Q.DfSITJdmJ甌151TCP111I邪20>fa!|Wfc:-prip1:F*i.«7K1MQ=

18、1;0Ack7llZ1E>1打L79t>d.14QM2132.1GA.1D.1192.1&B.10.2TCPIMVTWik-priapi>工朝2口F"&1訂5cq-U2AeUIS37技22Len-SJ7弧)39W51找J&JOC1找JM.MiJTCPWJ>6M*.rrpi-jpl(<»JA/*“4"1*Ln“LEWao.djsnsicu®.工效,?&10ri(U.19,255INBhS斗士Nineqi.eryNB1ETX11£-49vMq必而巾1弓1-J.*丸El10.1(Mrl9g

19、,2S(MBftS汽向制電qirtryNBJSK116-J?<(M>ido.波睛*1Mg瓠”4MBAS卑q*y醺J£ZUli-49<CP0>LL口.UQ71E+a£Q:c«ifi3tlfiachSdfec>3rDrOe/Ht:s1砒SmcnrdquciryAfCIekdwai-L1LSLdidJinaQuer>Aiia.14sailTflXQ;JG4門為1,。;。;口”1仃;3VIEaENQ目ucr/CHIUO.6357&Xla1D4.1W.510.104.1»,255職er。ft?Nineq*產(chǎn)yNBJGZX

20、UU*必13O.bWhio.iD4.iw.a61制HA玉02aq”T陶片張oo爭(zhēng)H弧都弊外16LM1"T口皆NahPqy4y、/1耳/1”-4虹基展itrrm>13106bytn口沖,討把的席力.1Q&bytg匚3t«!(副gbiti>»Eihtrrr11.sc:v*ire_e-.aJtftafOCi.0c:e*:a?:Ba)Post;co®palirL-29-59,&+(bSnTOsM:J9:59:fi-i!1TiTterrwt:PtM證el”廣35£,貨0OJLlb

21、fl.ldOON:£192.Id.2)hTrism5TlcintantrfllProracDlBSrcMrr:#p尸叩tJ5$目"StPort:l'W?D(ll?fl?-0)BSY:l.昵上:1nl兩:5anC52tftiTeE)Dl»Oi";iunn-nnQiriD04U巾W0*n%LBwn.il3。力塞z*J<-5T*-rJ30101浦SJn-4H3I-1a111ckdlT>Id1A4-141LSoflT£7At1A1.-FZ4DToJlHTAJCN$9811K4MLJIrxrL5E0-rrbA70f421954OUOc

22、g5tn40oo$0姓g01Weadd配3112f*IH10S7334、金日:0004DODO-CIO00200031“於iinsc"的*ILJi歲66fiq通過(guò)分析每一條宿主機(jī)與虛擬機(jī)的包特征編制規(guī)則四將特征寫入規(guī)則文件二IU.I&rfll.rulr*二字枳3,2,1一1-1;A,三4二4't,I1'耳,LJ11-L.U,3.14-11Ifr11*I比16C11.rulet,vL.Lt如口沙口£,1Qdlill!U4ti4Htp.9LOCALATTLEEiThlefileinientlonalLyMemnot©沏ewith®Untur&am

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論