Consider the following Snort IDS rule: alert icmp any any \$HOME_NET any (msg: "ICMP detected!!"; sid:1000120;) 1. What type of connection is this rule applied to? [1 mark] 2. Explain the meaning of $ HOME_NET in the rule above? (include source, destination, ports, and directions) [1 mark] 3. Explain the role of snort.conf file while configuring the snort rules. [1 mark] 4. What happens when the rule is matched? [1 mark] If the above rule was to be changed to: alert icmp \$HOME_NET any -> any any (msg: "ICMP detected!!"; sid:1000121;) 5. Would there be any difference in triggering the above two rules? Add justification in detail. [2 marks] 6. Does any of the above rules help the network administrator detect any Ping of Death attacks on your network? Add justification. [1 mark]