Need Help writing SNORT Rules for the following. I've never done this before

Date: 03 Nov 2008
Posted By: LinuxSecurity Contributors
I need some help in writing Snort rules for the following. I have never done this before. Can someone please help me? Thanks.

1. (1 point) Write a Snort rule that will alert on TCP traffic exiting the 10.0.1.0/24 network with the content "proprietary". I do not care where the traffic is going or what ports it is using. When Snort creates the alert it should read "Proprietary information leaving!"

2. (1 point) Write a Snort rule that will log any TCP traffic entering into the 192.168.100.0/24 and 10.2.2.0/24 networks with destination ports 1 through 1024. I do not care about the source IP addresses or source ports. When Snort logs the traffic it should read "Incoming to low ports".

3. (1 point) Write a Snort rule that will alert on UDP traffic entering the 192.168.10.0/24 network that contains the content "cgi-bin" anywhere between the 5th byte offset to the 25th byte offset. The alert should trigger on both lowercase and uppercase content. I do not care about the source ports or destination ports. When Snort creates the alert it should read "UDP CGI exploit".
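
Added example, not part of the original post: one way to express the three requirements above in Snort 2.x rule syntax. The sid values are constructed local-rule IDs, and rule 3 assumes that "5th byte offset to the 25th byte offset" means a 20-byte search window starting at payload offset 5.

```snort
# Added example. sid values (1000001-1000003) are constructed IDs in the
# local-rule range; pick values that do not collide with your own rules.

# 1. Alert on TCP sourced from 10.0.1.0/24 whose payload contains "proprietary".
#    Source port, destination address and destination port are "any" because
#    the requirement does not restrict them. content is case-sensitive by
#    default, which matches the requirement as written.
alert tcp 10.0.1.0/24 any -> any any (msg:"Proprietary information leaving!"; content:"proprietary"; sid:1000001; rev:1;)

# 2. Log (rather than alert on) TCP entering either network on destination
#    ports 1-1024. The bracketed list holds both networks; 1:1024 is an
#    inclusive port range. No payload option is needed.
log tcp any any -> [192.168.100.0/24,10.2.2.0/24] 1:1024 (msg:"Incoming to low ports"; sid:1000002; rev:1;)

# 3. Alert on UDP entering 192.168.10.0/24 with "cgi-bin" in a fixed window.
#    offset:5 starts the search at payload offset 5; depth:20 limits it to the
#    next 20 bytes (offsets 5-24), so the whole pattern must fit inside that
#    window. nocase makes the match case-insensitive.
alert udp any any -> 192.168.10.0/24 any (msg:"UDP CGI exploit"; content:"cgi-bin"; nocase; offset:5; depth:20; sid:1000003; rev:1;)
```

Running Snort in configuration test mode (`snort -T -c` followed by your own configuration file) checks that the rules parse before they are deployed.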