Discover How To Secure My Network HOWTOs
I need some help in writing snort rules for the following, I have never done this before, can someone please help me. Thanks 1. (1 point) Write a Snort rule that will alert on TCP traffic exiting the 10.0.1.0/24 network with the content "proprietary". I do not care where the traffic is going or what ports it is using. When Snort creates the alert it should read "Proprietary information leaving!" 2. (1 point) Write a Snort rule that will log any TCP traffic entering into the 192.168.100.0/24 and 10.2.2.0/24 networks with destination ports 1 through 1024. I do not care about the source IP addresses or source ports. When Snort logs the traffic it should read "Incoming to low ports". 3. (1 point) Write a Snort rule that will alert on UDP traffic entering the 192.168.10.0/24 network that contains the content "cgi-bin" anywhere between the 5th byte offset to the 25th byte offset. The alert should trigger on both lowercase and uppercase content. I do not care about the source ports or destination ports. When Snort creates the alert it should read "UDP CGI exploit".
- 764 Views
- 0 Comments
So when many people think of Nmap, it is often related to those who are new or learning in the world of scanning and tracking network ports. It's open source. It's easy to use (with a GUI). It has a full community of friendly users, plays well with friends, is good with children and even makes cupcakes at parties (okay maybe not those last few). The point is, the reality may not always be apparent; that Nmap provides some serious, enterprise, #&$#!-kicking functionality. And while we tend to avoid pushing specific papers or How-tos that cost money, this paper we found brought up a nice point considering that Nmap is, in fact, our Open Source Tool of the Month.
So if you were curious as to whether Nmap is serious enough to warrant charging for a how-to, (without shame that is) check this out. Could you find this information elsewhere? Probably. Is it as good? We don't know, we didn't buy it :) Is it easier to understand and follow, especially for someone in a business environment? Just maybe.
Either way, when push comes to shove, it's nice to see an open source tool get some attention. And who knows? If there's some company manager that doesn't trust Nmap's functionality, maybe a paid analysis of its utility could go farther in convincing them than some free how-to you found online (even from such a trustworthy, experienced site such as this :) Fair is fair, and heck, its food for thought.
- 23734 Views
- 0 Comments