1) Install and configure Snort as an Intrusion Prevention System
2) Configure an Ubuntu virtual machine to work as a software router
3) Set up an Apache web server with basic authentication
4) Perform nmap http-brute force attack using Kali Linux
5) Analyze packets using Wireshark
6) Configure Snort to defend against the http-brute force attack

In this tutorial, we demonstrate that Snort can be configured to block an HTTP brute-force dictionary login attack. A brute-force login attack is one where an attacker attempts to log in to a website using random credentials stored in a dictionary (e.g. a file). We can spot a brute-force attack when we see a large number of login attempts from the same IP address within a given time period. For example, if we see 6 login attempts within 1 second from the same IP, we can probably assume that a brute-force attack is occurring and we should block the IP initiating the attack. We know this because no human can log in 6 times within 1 second. You can implement this kind of blocking logic using Snort rate_filters (which I demonstrate in the video).

The rules demonstrated in the tutorial may not be useful in a real-world situation. For example, say you have a website on AWS being logged into 1000 times a second by clients around the world. You could implement the rules from the tutorial and block brute-force attacks coming from a single IP. However, a smart attacker is likely to use a different IP address for every login attempt, and the rules in this video would not work. To handle such a situation, it would probably make sense to trigger a CAPTCHA through your web application to stop the attack (although some attacks can get through CAPTCHA).
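
The per-source threshold described above, modelled in Python as an added example (it is not the tutorial's Snort rules and not Snort's own algorithm). The parameter names count, seconds and timeout borrow from rate_filter options; the class, the function and the sample traffic are constructed for illustration. It also shows the limit the text describes: attempts spread over many addresses never reach the per-IP threshold.

```python
from collections import defaultdict, deque


class PerSourceRateFilter:
    """Block a source once it makes `count` login attempts within `seconds`."""

    def __init__(self, count=6, seconds=1.0, timeout=60.0):
        self.count, self.seconds, self.timeout = count, seconds, timeout
        self.recent = defaultdict(deque)   # src_ip -> timestamps inside the window
        self.blocked_until = {}            # src_ip -> time at which the block expires

    def allow(self, ts, src_ip):
        """Return True if the attempt passes, False if it is dropped."""
        if self.blocked_until.get(src_ip, 0.0) > ts:
            return False                   # source is still serving its timeout
        window = self.recent[src_ip]
        window.append(ts)
        # Discard attempts that have fallen out of the sliding window.
        while window and ts - window[0] > self.seconds:
            window.popleft()
        if len(window) >= self.count:      # threshold reached: start blocking
            self.blocked_until[src_ip] = ts + self.timeout
            window.clear()
            return False
        return True


def dropped_by_source(events, **kwargs):
    """Replay (timestamp, src_ip) events; return {src_ip: dropped attempts}."""
    rf = PerSourceRateFilter(**kwargs)
    dropped = defaultdict(int)
    for ts, src in sorted(events):
        if not rf.allow(ts, src):
            dropped[src] += 1
    return dict(dropped)


# Constructed sample traffic (documentation address ranges, not real captures).
# One host sends 20 attempts within a single second.
single_source = [(10.0 + i * 0.05, "192.0.2.10") for i in range(20)]
# A person retries a mistyped password every 5 seconds.
human = [(10.0 + i * 5.0, "198.51.100.7") for i in range(4)]
# 20 attempts within a single second, each from a different address.
rotating = [(10.0 + i * 0.05, f"203.0.113.{i + 1}") for i in range(20)]

if __name__ == "__main__":
    print(dropped_by_source(single_source + human + rotating))
```

The first five attempts from the single source pass; the sixth trips the threshold and every later attempt is dropped for the timeout, while the slow client and the rotating addresses are never blocked.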