I need some assistance with these snort rules. 1. Alert on any traffic with the RST flag

I need some assistance with these snort rules.

Transcribed Image Text:

1. Alert on any traffic with the RST flag set to the server from .128. Your message should indicate: ".128 Possible SYN Scan." 2. Alert on any FTP traffic with the SYN flag set from .128 to the victim. Message should read: ".128 attempt to FTP to victim." 3. Alert on any telnet traffic with the SYN flag set, from .128 to the victim. Message should read: ".128 attempt to telnet to victim." 4. Alert on any ssh traffic containing the keyword "SSH-2", from .128 to the server. Message should read: ".128 attempt to SSH to server." 5. Alert on any http traffic from .128 with the SYN flag set, from .128 to the server. Message should read: .128 attempt to the web server." 6. Alert on any http traffic from .128 containing "apache2.conf" sent from .128 to the server. Message should read "Found apache2.conf." 7. Alert on any packets from .128 to the victim containing "passwd". Message should read: "Found passwd." 8. Alert on any packets from .128 to the victim containing "shadow". Message should say "Found shadow" 9. Alert on any ftp traffic from the .128 to the victim that contains "jgarrett". Message should read "jgarrett over ftp". 10. Alert on any ssh traffic from .128 to the server with the FIN and ACK flags set. Message should read "F/A for SSH teardown." 1. Alert on any traffic with the RST flag set to the server from .128. Your message should indicate: ".128 Possible SYN Scan." 2. Alert on any FTP traffic with the SYN flag set from .128 to the victim. Message should read: ".128 attempt to FTP to victim." 3. Alert on any telnet traffic with the SYN flag set, from .128 to the victim. Message should read: ".128 attempt to telnet to victim." 4. Alert on any ssh traffic containing the keyword "SSH-2", from .128 to the server. Message should read: ".128 attempt to SSH to server." 5. Alert on any http traffic from .128 with the SYN flag set, from .128 to the server. Message should read: .128 attempt to the web server." 6. Alert on any http traffic from .128 containing "apache2.conf" sent from .128 to the server. Message should read "Found apache2.conf." 7. Alert on any packets from .128 to the victim containing "passwd". Message should read: "Found passwd." 8. Alert on any packets from .128 to the victim containing "shadow". Message should say "Found shadow" 9. Alert on any ftp traffic from the .128 to the victim that contains "jgarrett". Message should read "jgarrett over ftp". 10. Alert on any ssh traffic from .128 to the server with the FIN and ACK flags set. Message should read "F/A for SSH teardown."