Intrusion Detection & Response

Temple University

LAB 5

LAB 5 – Outbound traffic

https://www.sans.org/reading-room/whitepapers/detection/detecting-preventing-unauthorized-outbound-traffic-1951

http://commons.oreilly.com/wiki/index.php/Snort_Cookbook/Rules_and_Signatures

  • Disable or comment out the rules previously created:
  • Create a rule to monitor for outbound traffic
  • Connect to my dropbox link shown here: https://www.dropbox.com/sh/x8p4c32wupfuult/AADdNLF8v0aWra_8e4rVt6k1a?dl=0
  • Try to upload the logfiles to my dropbox à the rules should be configured to flag the traffic.
  • It should be configured to log and alert on this. Keep in mind that your connection to dropbox may be encrypted.
  • Submit your log files on blackboard to show you completed the assignments. Please also submit your rule that you created.  Please ensure that your logs have the following naming convention:  LastName-FirstInitial-Lab5

ALL LABS WILL BE SUBMITTED IN BLACKBOARD