Need Help writing SNORT Rules for the following I've never done this before

I need some help in writing snort rules for the following, I have never done this before, can someone please help me. Thanks

1. (1 point) Write a Snort rule that will alert on TCP traffic exiting the 10.0.1.0/24 network with the content "proprietary". I do not care where the traffic is going or what ports it is using. When Snort creates the alert it should read "Proprietary information leaving!"

2. (1 point) Write a Snort rule that will log any TCP traffic entering into the 192.168.100.0/24 and 10.2.2.0/24 networks with destination ports 1 through 1024. I do not care about the source IP addresses or source ports. When Snort logs the traffic it should read "Incoming to low ports".

3. (1 point) Write a Snort rule that will alert on UDP traffic entering the 192.168.10.0/24 network that contains the content "cgi-bin" anywhere between the 5th byte offset to the 25th byte offset. The alert should trigger on both lowercase and uppercase content. I do not care about the source ports or destination ports. When Snort creates the alert it should read "UDP CGI exploit".
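One way to write the three rules, as an added example that is not part of the original post. It uses Snort 2.x rule syntax; the `sid` and `rev` values are constructed (local rules use sids of 1000000 and above), and the `offset`/`depth` pair in rule 3 assumes the 25th byte offset is the exclusive end of the search window.

```snort
# Rule layout: action proto src_ip src_port -> dst_ip dst_port (options)
# sid/rev values below are constructed for this example; every rule needs
# a unique sid, and locally written rules use the range >= 1000000.

# 1. Alert on TCP leaving 10.0.1.0/24 whose payload contains "proprietary".
#    Source is the internal network; destination and both ports are "any".
#    content is case-sensitive by default, which matches the task as stated.
alert tcp 10.0.1.0/24 any -> any any ( \
    msg:"Proprietary information leaving!"; \
    content:"proprietary"; \
    sid:1000001; rev:1;)

# 2. Log (not alert) TCP entering either network on destination ports 1-1024.
#    Multiple networks go in a bracketed, comma-separated list with no spaces.
#    A port range is written low:high.
log tcp any any -> [192.168.100.0/24,10.2.2.0/24] 1:1024 ( \
    msg:"Incoming to low ports"; \
    sid:1000002; rev:1;)

# 3. Alert on UDP entering 192.168.10.0/24 with "cgi-bin" in a byte window.
#    offset:5  -> start searching at payload byte offset 5.
#    depth:20  -> search only the next 20 bytes, i.e. offsets 5 through 24.
#    (Assumption: offset 25 is exclusive. Use depth:21 if it is inclusive.)
#    nocase    -> match "cgi-bin", "CGI-BIN" and mixed case.
#    offset, depth and nocase modify the content option that precedes them.
alert udp any any -> 192.168.10.0/24 any ( \
    msg:"UDP CGI exploit"; \
    content:"cgi-bin"; nocase; offset:5; depth:20; \
    sid:1000003; rev:1;)
```

The rules can be syntax-checked before deployment by loading them with Snort's test mode (`snort -T -c <config>`), which parses the configuration and rule files and exits.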
