Study of Snort performance in counteracting port scanning techniques

Authors

  • Kateryna Chumachenko Kharkiv National University of Radioelectronics, Ukraine
  • Dmytro Chumachenko National Aerospace University «Kharkiv Aviation Institute», Ukraine

DOI:

https://doi.org/10.18372/2225-5036.23.11546

Keywords:

Snort, port scanning, attack detection, zero-day attack, evasion, information security

Abstract

The Snort Intrusion Detection System has become the de-facto standard among software-based Intrusion Detection Systems because of its high level of customization and relative ease of use. However, it is essential for an Intrusion Detection System not only to prevent known attacks, but also to detect zero-day attacks and the steps that precede them, such as port scans. Many companies neglect the security measures associated with preventing these preparatory steps. This article analyzes the performance of Snort in detecting various port scanning methods and common evasion techniques, and identifies the configurations that lead to the best detection results. Port scanning prevention is discussed in the context of the nmap tool and all the scanning techniques it supports. Moreover, a packet defragmentation technique is discussed as an evasion technique, together with ways of detecting that evasion. The article includes recommendations for configuring the Snort Intrusion Detection System for effective detection of port scanning attacks.

Author Biographies

Kateryna Chumachenko, Kharkiv National University of Radioelectronics, Ukraine

Year and place of birth: 1997, Kharkiv, Ukraine.

Education: Kharkiv National University of Radioelectronics, 2017.

Position: student of the Software Engineering Department.

Scientific interests: information security, penetration testing.

Publications: about 10 publications in the field of information security.

Dmytro Chumachenko, National Aerospace University «Kharkiv Aviation Institute», Ukraine

Year and place of birth: 1989, Kharkiv, Ukraine.

Education: National Aerospace University, 2011.

Position: teaching assistant of the Informatics Department.

Scientific interests: multiagent simulation, information security.

Publications: more than 60 publications in the fields of simulation and information security.

Published

2017-04-30

Section

Network & Internet Security