The Effectiveness of Snort in DDoS Attack Scenarios
Abstract
Secure communication in the digital era has become important, while on the other side attackers are consistently moving to more sophisticated ways of reaching their targets. DDoS is one of the common techniques used with the aim of overwhelming a target and making it fail to function. To detect and limit this threat, many organizations have begun to employ various solutions. However, several of these solutions have been found to be ineffective, while others require a high cost to implement, and this has become a challenge for medium to low-sized organizations in meeting their business strategy. For that reason, in this study we aim to introduce Snort as an open-source network detection and prevention system and to determine how it undertakes and performs analysis, especially in terms of accuracy and speed, in relation to DDoS attacks. This study involves a few steps: first, establishing the simulation environment; secondly, performing the simulation with a DDoS attack to allow Snort to capture the traffic and respond according to the pre-established rules; and finally, measuring and evaluating the results. As an open-source product, Snort by nature allows the public to contribute, and that becomes an advantage over commercial products, especially in detecting anomalies. This helps administrators react more quickly by providing accurate information through an earlier warning system. Additionally, Snort is affordable, making it a good choice for such organizations.
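As an illustration of the kind of pre-established rule the study relies on, the following is an added example of a Snort rule that alerts on a TCP SYN flood toward a protected web server; it is not taken from the paper, and the $HOME_NET variable, the SID and the count/seconds threshold are assumptions that would be tuned per environment.

```snort
# Added example (not from the paper): rate-based SYN flood detection.
# $HOME_NET is assumed to be defined in snort.conf; sid 1000001 is a local,
# hypothetical rule id in the range reserved for site rules.
# detection_filter fires only after 'count' matching packets to the same
# destination within 'seconds', so a single SYN never triggers an alert.
alert tcp any any -> $HOME_NET 80 ( \
    msg:"Possible TCP SYN flood against web server"; \
    flags:S; \
    detection_filter: track by_dst, count 100, seconds 1; \
    classtype:attempted-dos; \
    sid:1000001; rev:1; )
```

The threshold is the accuracy lever the study measures: too low a count produces false positives during legitimate traffic bursts, while too high a count delays the early warning the abstract describes.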