kalickali: $ mousepad $/$etc$/$snort$/$snort$.$conf

$$

File Edit Search View Document Help

alert tcp $HOME$\_$NET any diamond $EXTERNAL$\_$NET $6666$:$7000($msg: "CHAT IRC message"; flow:established;

content:"PRIVMSG $"$; nocase; classtype:policy$-$violation; sid:$1463$; rev:$6$;$)$

a$)$ What type of connection this rule is applied to$?($include protocol name$)$

b$)$ What traffic is monitored? $($include source, destination, ports, and directions$)$

c$)$ Any additional requirement$/$characteristics in the traffic that the rule looks for?

d$)$ What happens when the rule is matched? $($include action$)$