Snort mailing list archives
Re: Snort rule
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 22 Oct 2012 11:45:05 -0400
On Oct 19, 2012, at 10:25 AM, shahin ali <shahin.ali01 () gmail com> wrote:
Hello, i need help with this question. Write a snort rule to detect a DNS packet using the following details: o Source IP address: 192.168.23.128 o Destination IP address: 192.168.23.130 o Write a snort rule to detect a connection attempt on the Telnet Server which has an IP Address 192.168.32.129 and generate alerts for packets with content ‘Telnet!’ directed to the Server.
Hello, This looks suspiciously like a homework question. This is actually a really simple rule to write and if you look at http://manual.snort.org you should be able to figure it out easily. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort rule shahin ali (Oct 22)
- Re: Snort rule Joel Esler (Oct 22)