Snort mailing list archives

Re: snort rule assistance/need help have to complete in short notice by next week


From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Sat, 29 May 2021 18:18:04 +0000

https://snort.org/faq/can-i-have-help-with-my-homework



— 
Sent from my iPad

On May 29, 2021, at 10:02, Real Gamerholic via Snort-sigs <snort-sigs () lists snort org> wrote:


1. I want to catch internal DNS requests (requests smaller than 512 bytes) originating from any internal IP address. What will I put in the blanks to complete the Snort rule? Have to be as specific as possible (use "any" sparingly, if at all).

alert <blank 1> 192.168.8.1/<blank 2> <blank 3> -> <blank 4> <blank 5> (msg:"DNS request detected!"; sid:1;)
2. John Doe remotely compromised the Active Directory server on the network. He/she is attempting to port scan the DNS server with nmap's -sT option to discover an SSH service. What Snort rule will detect John Doe's malicious activity (this instance)? Have to be as specific as possible (use "any" sparingly, if at all).

alert <blank 1> <blank 2> <blank 3> -> <blank 4> <blank 5> (msg:"SSH activity detected!"; sid:2;)

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
