Question
Question #1
How many rules located in the rules directory for Snort use a Perl Compatible Regular Expression?
Question #2
How many rules to detect the SDBot Remote Access Trojan are located in the rules directory for Snort?
Question #3
What is the name of the Remote Access (Network) Trojan that used the IP address of 45.129.33.9 in the file: alert.full.1437383948?
Hint: grep is your friend.
Question #4
What was the last octet (or octets) of the IP address(es) that were the target of a buffer overflow attack against the software called Winamp in the alert.full.1437383948 file?
Question #5
In the following rule, what does the |3A|2F|2F| sequence represent in ASCII?
alert ip any any -> any any (msg:"TURLA Fake adobe URL"; content:"http|3A|2F|2F|get|2E|adobe|2E|com|2F|flashplayer|2F|download|2F|update|2F|x32|"; fast_pattern:only; classtype:bad-unknown; sid:26201; rev:1;)