Question: I cannot get any keyword Snort rules to work. I have it working with peer coined rules and no-keyword rules. See attached. Do you see any problems?

local.rules:

    # $Id: local.rules,v 1.11 2004/07/23 20:15:44 bmc Exp $
    # LOCAL RULES
    # This file intentionally does not come with signatures. Put your local
    alert tcp any any any 80 (nsg: "hacker found", content:"hacker", nocase; sd : 1 1 1 1 1525)
    alert tcp any any any any (content: "hacker"; nocase; sid:1111122;)
    alert ip any any > any any (msg: "ross alert example"; sid:2994184;)
    alert tcp $HOME_NET any $EXTERNAL_NET 80 (msg: "hacker99 was searched"; content: "hacker99"; sid:666666;)
    alert tcp any any >any any (content: "google" msg:"found google"; sid:1231231;)
    alert tcp any any-> any any (content: "DNS"; msg:"naughty site,std:1231231;)
    alert tcp any any > any any (content:"mozilla"; msg: "found mozilla"; sid:1231231;)
    alert tcp any any -> any any (content: "DNS"; msg: "found DNS"; sid:1231231;)
    alert tcp any any any any (content:"icmp"; msg: "found icmp" sid: 1231231;)
    alert tep any 23 any any (msg: "telnet not allowed says Ross";sid:2222222;)
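A small syntax check for Snort 2 style rule lines like those in the question, added here as an example and not code from the original post: it flags a header that does not have seven fields, an unknown protocol, a bad direction operator, unterminated or run-together options, and reused sid values. The sample rules and the short keyword list are constructed assumptions.

```python
import re
from collections import Counter

PROTOCOLS, DIRECTIONS = {"tcp", "udp", "icmp", "ip"}, {"->", "<>"}
# Deliberately small subset of option keywords, enough for the samples below.
KEYWORDS = {"msg", "content", "nocase", "sid", "rev", "classtype"}
OPTION_END = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')  # ';' outside a quoted string

def lint_rule(rule):
    """Return the syntax problems found in one rule line (empty list = clean)."""
    m = re.match(r"^([^(]*)\((.*)\)\s*$", rule.strip())
    if not m:
        return ["no parenthesised option list"]
    header, body, problems = m.group(1).split(), m.group(2), []
    if len(header) != 7:  # action proto src sport direction dst dport
        problems.append(f"header has {len(header)} fields, expected 7")
    elif header[1] not in PROTOCOLS:
        problems.append(f"unknown protocol '{header[1]}'")
    elif header[4] not in DIRECTIONS:
        problems.append(f"bad direction operator '{header[4]}'")
    if body.count('"') % 2:
        problems.append("unbalanced double quote")
    opts = [o.strip() for o in OPTION_END.split(body)]
    if opts[-1]:  # text left over after the final ';'
        problems.append("last option is not terminated by ';'")
    for opt in filter(None, opts):
        key, _, val = (part.strip() for part in opt.partition(":"))
        if key not in KEYWORDS:
            problems.append(f"unknown option '{key}'")
        elif val.startswith('"') and not re.fullmatch(r'"[^"]*"', val):
            problems.append(f"'{key}' value malformed (missing ';'?)")
    return problems

def duplicate_sids(rules):
    # sid values that appear in more than one rule
    seen = Counter(s for r in rules for s in re.findall(r"\bsid\s*:\s*(\d+)", r))
    return sorted(s for s, n in seen.items() if n > 1)

# Constructed sample rules (not the poster's), each showing one class of defect.
SAMPLES = [
    'alert tcp any any -> any 80 (msg:"keyword seen"; content:"hacker"; nocase; sid:1000001;)',
    'alert tcp any any any 80 (msg:"no arrow"; content:"hacker"; sid:1000002;)',
    'alert tep any 23 -> any any (msg:"protocol typo"; sid:1000003;)',
    'alert tcp any any > any any (content:"google" msg:"found google"; sid:1000003)',
]

if __name__ == "__main__":
    for rule in SAMPLES:
        print(lint_rule(rule) or "ok", "<-", rule)
    print("duplicate sids:", duplicate_sids(SAMPLES))
```

A rule that passes these checks can still stay silent: content matches bytes in the packet payload, so a keyword sent over HTTPS is encrypted on the wire and never appears for Snort to match.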
