Question: Exercise #1b Rule to send alert when the source and destination addresses are the same. alert IP 192.168.1.1 any 192.168.1.1 any (msg: Source / Destination

$Exercise \#1b Rule to send alert when the source and destination$

Exercise \#1b Rule to send alert when the source and destination addresses are the same. alert IP 192.168.1.1 any 192.168.1.1 any (msg: "Source / Destination Addresses same.";) alert any any 80 any 443 (msg: "Source / Destination Addresses same.";) alert tcp 192.168.1.1 any 192.168.1.1 any (msg: "Source / Destination Addresses same.";) alert IP ip address any ip address any (msg: "sane ip address";) QUESTION 2 Exercise \#2b Rule to detect SNMP connection over UDP using default "public" is made Ans: Let protected address is 192.168.1.1 alert IP any any 192.168.1.1 161 (msg: "SNMP connection attempt over UDP using Public default.";content: "public";) Ans: Let protected address is 192.168.1.1 alert UDP any 161192.168.1.1 any (msg: "SNMP connection attempt over UDP using Public default." "content: "public";) Ans: Let protected address is 192.168.1.1 alert IP any 161 192.168.1.1 any (msg: "SNMP connection attempt over UDP using Public default.";content: "public";) Ans: Let protected address is 192.168.1.1 alert UDP any any 192.168.1.1 161 (msg: "SNMP connection attempt over UDP using Public default.";content: "public";)

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Task due by Sunday 6/15/18: The answers should be relating to SNORT and the SNORT rules. Please and Thank you. Q1. How can we write a rule to send an alert when source and destination are same? Use...

Q:

How to achive task 1, 2, 3 ? If you review rules found in the /etc/snort/rules directory, you will see that rules have the general form of: alert -> The snort rules include two address fields:...

Q:

Hello I am in need of help with the second part to my lab. I need help filling out tables 1,2, and 3 based on the policies another tutor helped me make before hand. I will attach the policies as well...

Q:

Assume two hosts on a private network behind a NAT with IP address 192.168.1.4 and 192.168.1.7. They start a communication at the same time with TCP to an external (i.e., on a public network) web...

Q:

L The action for this rule is to alert with a message of "DELETED SC and classify the attack type as "attempted-recon". This message alert will only be generated if the following parameters are true:...

Q:

1.Examine the alert and understand the content such as source and destination IP addresses, the Alert (ICMP packet found messages). Then interpret and analyze the triggered alert in the context of...

Q:

10 252.1204 STOT 10 2521.75 10/2247 DMZ HIN 10/22 MAN 10/2014 10/22 10.2013 10/2016 10252 8.43 10.2525.90 IN WARE 10.252.4.106 10 2526 161 10252 S.143 10.252.4 110 10.252 10.252 8 207 10 252 5101...

Q:

Networking / Computer Communications: Refer to Figure 3.19a. Assuming that the network address is 192.168.1.x, explain the entries 192.168.1.255 ff-ff-ff-ff-ff-ff and 255.255.255.255...

Q:

INITIE INILI LEIRI IHIRT 10 201204 10.252.11 10.22.1.25 LLLL 10 252 247 DMZ CHE LIAN 10.14 10.252.8 29 10.252.4237 HOLLAN 10252 4137 10 10 25 43 10.2529.90 102524100 102 10.252 5.143 10/224110 02...

Q:

Internet SE 10.252.1204 10.252.1 51 10.29215 102 124 DMZ JUNE 10/2247 102.14 10/29 MEDIUM 102A ALAMU 10.2.2018 10252 8.43 (102925.90 CON 10/224100 RE Ada Bia Gali, EN 10/252143 10292110 MA 10/29261...

Q:

In what circumstances will a negotiated transfer price be used instead of a market-based price?

Q:

Refer to Exercise 14.41. Use Tukeys Multiple Comparison Method to find which categories of marital status (MARITAL) differ with respect to education (EDUC).

Q:

a . Confirmations address existence more than they address completeness. b . Auditors should always confirm the total balances of accounts rather than individual portio sales, all three should be...

Q:

marks/Asset-Liability Analysis) Balance Sheet Assets (m) Liabilities/Equity (m) 5-year US Treasury Bonds $40 Demand Deposits $100 1-year floating rate corporate bonds $57 5-year CDs $30 (repricing...

Q:

Identify and control your anxieties

Q:

Understanding and Addressing Anxiety

Q:

2. Read a famous or familiar speech (such as Martin Luther Kings I Have a Dream speech), and create an outline for it. Can you follow a clear sequence of points? Do the subpoints support the speakers...

Recommended Textbook

More Books

Database And Expert Systems Applications Dexa 2022 Workshops 33rd International Conference Dexa 2022 Vienna Austria August 22 24 2022 In Computer And Information Science 33

Authors: Gabriele Kotsis ,A Min Tjoa ,Ismail Khalil ,Bernhard Moser ,Alfred Taudes ,Atif Mashkoor ,Johannes Sametinger ,Jorge Martinez-Gil ,Florian Sobieczky ,Lukas Fischer ,Rudolf Ramler ,Maqbool Khan ,Gerald Czech

1st Edition

3031143426, 978-3031143427

Ask a Question and Get Instant Help!