Need Help writing SNORT Rules for the following I've never done this before

    Date03 Nov 2008
    Posted ByLinuxSecurity Contributors
    I need some help in writing snort rules for the following, I have never done this before, can someone please help me. Thanks 1. (1 point) Write a Snort rule that will alert on TCP traffic exiting the network with the content "proprietary". I do not care where the traffic is going or what ports it is using. When Snort creates the alert it should read "Proprietary information leaving!" 2. (1 point) Write a Snort rule that will log any TCP traffic entering into the and networks with destination ports 1 through 1024. I do not care about the source IP addresses or source ports. When Snort logs the traffic it should read "Incoming to low ports". 3. (1 point) Write a Snort rule that will alert on UDP traffic entering the network that contains the content "cgi-bin" anywhere between the 5th byte offset to the 25th byte offset. The alert should trigger on both lowercase and uppercase content. I do not care about the source ports or destination ports. When Snort creates the alert it should read "UDP CGI exploit".
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"4","type":"x","order":"2","pct":66.67,"resources":[]},{"id":"86","title":"No","votes":"2","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.