Answered step by step
Verified Expert Solution
Question
1 Approved Answer
10 22.1.2014 15. 10.252.1.51 HERE ERRENO 10/2521.75 AMILAN 10.25 1247 DMZ 10 229 10282427 1029214 10292413 10262196 10/2243 101282080 ALLEN 10128261 AN 102.143 10.21DB 10
10 22.1.2014 15. 10.252.1.51 HERE ERRENO 10/2521.75 AMILAN 10.25 1247 DMZ 10 229 10282427 1029214 10292413 10262196 10/2243 101282080 ALLEN 10128261 AN 102.143 10.21DB 10 LO 1024 102528207 10.282 LOGO 102 10.22 0 Internal OPS Receiving Shipping 102222 10.229.131 622 NOT 1025226229 10.2523 192 10.2529,95 20.292 2194 10.252.7.19 10 252.3.101 10.252.9.219 10 252 2.45 10.252.7216 10 252.3.230 10.252 9.137 10.352 2221 10.252.7.197 10 25243.212 10 252.9.250 10,252 299 1002529 HR Finance Marketing Given the image above, complete the signature rule for the following: Write a snort rule that will block, but not log, Remote Desktop connection attempts from the HR network segment to the Shipping network segment. Assume the use of IPv4 addresses. DO NOT use snort variables ($HOME_NET) as you would normally find in the snort.conf file. Include CIDR notation for a range of addresses when necessary. When a service supports both TCP and UDP assume TCP. Use Section 1 for the rule action Use Section 2 for the protocol Use Section 3 for the source IP address Use Section 4 for the source port number Use Section 5 for the direction symbol (->, ) Use Section 6 for the destination IP address Use Section 7 for the destination port number 10 22.1.2014 15. 10.252.1.51 HERE ERRENO 10/2521.75 AMILAN 10.25 1247 DMZ 10 229 10282427 1029214 10292413 10262196 10/2243 101282080 ALLEN 10128261 AN 102.143 10.21DB 10 LO 1024 102528207 10.282 LOGO 102 10.22 0 Internal OPS Receiving Shipping 102222 10.229.131 622 NOT 1025226229 10.2523 192 10.2529,95 20.292 2194 10.252.7.19 10 252.3.101 10.252.9.219 10 252 2.45 10.252.7216 10 252.3.230 10.252 9.137 10.352 2221 10.252.7.197 10 25243.212 10 252.9.250 10,252 299 1002529 HR Finance Marketing Given the image above, complete the signature rule for the following: Write a snort rule that will block, but not log, Remote Desktop connection attempts from the HR network segment to the Shipping network segment. Assume the use of IPv4 addresses. DO NOT use snort variables ($HOME_NET) as you would normally find in the snort.conf file. Include CIDR notation for a range of addresses when necessary. When a service supports both TCP and UDP assume TCP. Use Section 1 for the rule action Use Section 2 for the protocol Use Section 3 for the source IP address Use Section 4 for the source port number Use Section 5 for the direction symbol (->, ) Use Section 6 for the destination IP address Use Section 7 for the destination port number
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started