IntrusionDetectionusingSNMPandMRTG(值得研究).pdf

ECE4112 Internetwork Security LabX: Intrusion Detection using SNMP and MRTG Lab authored by: Group6 (Ott Oudom, Ferdi Tjandra) Group Number: _________ Member Names: ___________________ _______________________ Date Assigned: Never Date Due: Never Last Edited: 05/02/2006 Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. During some parts of the lab you will be simulating attacks that may take some time (~15 minutes each). This is so that MRTG will be able to log the attack and so you will see more than just a ‘blip’. Answer ALL questions in the throughout the lab and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the due date. Requirements:  Windows Server 2003 with IIS6 (might need to use your MSDNAA license key)  Microsoft Log Parser () To get MRTG to work on Windows 2003 Server you will need the following:  A current copy of ActivePerl (perl compiler) ()  The latest version of MRTG (http://oss.oetiker.ch/mrtg) Goal: The goal of this lab is to introduce you to the Multi Router Traffic Grapher (MRTG), and showcase how it can be used to detect intrusions on a Windows 2003 Server machine. MRTG is really nothing more than a tool that collects counter data from the network devices and displays them in a format that is easy to understand. With only the counter data by itself, it would be very difficult to see trends. With MRTG, you will be able to access the graphical data through any web browser and even remotely (if you put the files on a web server like we will be doing here). Summary: You will install Windows 2003 Server and configure MRTG for intrusion detection by collecting relevant data such as network traffic in/out, cpu utilization, or errors generated by IIS6. While collecting this data, you will use