Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort rule

From: Joel Esler <jesler () sourcefire com>
Date: Mon, 22 Oct 2012 11:45:05 -0400
On Oct 19, 2012, at 10:25 AM, shahin ali <shahin.ali01 () gmail com> wrote:


Hello,

     i need help with this question. Write a snort rule to detect a DNS packet using the following details:  
o Source IP address:     192.168.23.128  
o Destination IP address:  192.168.23.130  
o Write a snort rule to detect a connection attempt on the Telnet Server which has an IP  
Address 192.168.32.129 and generate alerts for packets with content ‘Telnet!’ directed to the  
Server.  


Hello,

This looks suspiciously like a homework question.  This is actually a really simple rule to write and if you look at 
http://manual.snort.org you should be able to figure it out easily.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: