Question
As you have done within other classes to build Snort rules, you will now take the information you gathered to create Snort rules. Use the details you collected within this lab to create three Snort rules to detect the activity. In Q8, can you create specific Snort rules (at least 3 rules) to monitor traffic?
For example,
alert tcp any any -> 10.0.250.160 80 (msg: "Malicious Payload Upload"; sid:1000002; content:"FileUploader"; http_uri; content:"POST"; http_method; flow:to_server,established;)
Can anyone create 3 basic Snort rules for me using that IP address?