QUESTION 5 Exercise #5b

Rule to generate an alert when network traffic indicates Skype is being used:

alert tcp any any any any (msg:"P2P Skype call detected against policy"; flow:from_client, not_established ; dsize:5; content :"|17 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation;)

alert tcp any any any any (msg:"P2P Skype call detected against policy"; flow:to_client ,established ; dsize:5; content :"|17 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation;)

alert tcp any any any any (msg:"P2P Skype call detected against policy"; flow:to_client , not_established ; dsize:5; content :"|17 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation;)

alert tcp any any any any (msg:"P2P Skype call detected against policy"; flow:from_client ,established ; dsize:5; content :"|17 03 0100 "; depth:4; flowbits:set,skype.login; classtype:policy-violation;)

QUESTION 6

According to the document "Log analysis using Splunk Hadoop connect" by Boulat Chainourov, which Internet protocol helps in dealing with the drift of the internal clocks of computers on the Internet? This drift causes obstacles in getting precise timings of events happening on machines that undergo forensic analysis.

Internet Protocol (IP)
Network Time Protocol (NTP)
Transmission Control Protocol (TCP)
Hypertext Transfer Protocol (HTTP)
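The four candidate rules differ only in their flow modifiers and in the exact content string, so the practical skill being tested is reading Snort rule options: what bytes content:"|17 03 01 00|" actually matches, and whether depth and dsize are consistent with it. As an added example (not part of the question and not Snort's own code), the Python below is a small rule-option parser and consistency checker. It is an assumption of this example that the rule headers are written with the direction operator `->` that every Snort header requires (the question text as scraped shows "any any any any" without it); the flow-modifier list and the dsize forms it understands are the documented ones, and the four rule strings are the question's options reproduced with that header.

```python
"""Minimal Snort rule option parser and consistency checker (added example)."""
import re

# Flow modifiers documented for Snort's flow keyword.
FLOW_KEYWORDS = {
    "to_client", "to_server", "from_client", "from_server",
    "established", "not_established", "stateless",
    "no_stream", "only_stream", "no_frag", "only_frag",
}

# Constructed copies of the question's four options, header written with "->"
# (assumption: the scraped text dropped the mandatory direction operator).
RULES = [
    'alert tcp any any -> any any (msg:"P2P Skype call detected against policy"; flow:from_client, not_established ; dsize:5; content :"|17 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation;)',
    'alert tcp any any -> any any (msg:"P2P Skype call detected against policy"; flow:to_client ,established ; dsize:5; content :"|17 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation;)',
    'alert tcp any any -> any any (msg:"P2P Skype call detected against policy"; flow:to_client , not_established ; dsize:5; content :"|17 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation;)',
    'alert tcp any any -> any any (msg:"P2P Skype call detected against policy"; flow:from_client ,established ; dsize:5; content :"|17 03 0100 "; depth:4; flowbits:set,skype.login; classtype:policy-violation;)',
]


def split_options(body):
    """Split the option body on ';' while ignoring semicolons inside double quotes."""
    fields, cur, in_quote = [], [], False
    for ch in body:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return [f.strip() for f in fields if f.strip()]


def parse_rule(rule):
    """Return the header fields and an ordered list of (keyword, value) options."""
    m = re.fullmatch(
        r"\s*(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*",
        rule, re.S)
    if not m:
        raise ValueError("malformed rule header")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    options = []
    for field in split_options(body):
        key, _, value = field.partition(":")
        options.append((key.strip(), value.strip()))
    return {"action": action, "proto": proto, "direction": direction, "options": options}


def decode_content(value):
    """Decode a content value such as "|17 03 01 00|" or "GET|20|/" into raw bytes.

    Text outside |...| is literal; inside, pairs of hex digits are bytes.
    Escaped quotes/pipes inside the string are not handled by this small parser.
    """
    value = value.strip()
    if value.startswith("!"):               # negated content; bytes decode the same way
        value = value[1:].strip()
    if len(value) < 2 or value[0] != '"' or value[-1] != '"':
        raise ValueError("content value must be double-quoted")
    parts = value[1:-1].split("|")
    if len(parts) % 2 == 0:                 # an odd number of parts means balanced pipes
        raise ValueError("unbalanced '|' in content: %r" % value)
    out = bytearray()
    for i, part in enumerate(parts):
        if i % 2 == 0:
            out += part.encode("latin-1")
        else:
            digits = part.replace(" ", "")
            if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]*", digits):
                raise ValueError("bad hex segment: %r" % part)
            out += bytes.fromhex(digits)
    return bytes(out)


def dsize_bounds(value):
    """Return (min, max) payload sizes allowed by a dsize value: 5, <5, >5 or 5<>10."""
    value = value.strip()
    if "<>" in value:
        lo, hi = value.split("<>")
        return int(lo), int(hi)
    if value.startswith("<"):
        return 0, int(value[1:]) - 1
    if value.startswith(">"):
        return int(value[1:]) + 1, 65535
    return int(value), int(value)


def check_rule(rule):
    """Decode the rule's content bytes and list any inconsistencies between options."""
    problems = []
    try:
        parsed = parse_rule(rule)
    except ValueError as e:
        return {"ok": False, "problems": [str(e)], "content": None}
    content, depth, dsize = None, None, None
    for key, value in parsed["options"]:
        if key == "flow":
            for f in value.split(","):
                if f.strip() not in FLOW_KEYWORDS:
                    problems.append("unknown flow modifier %r" % f.strip())
        elif key == "content":
            try:
                content = decode_content(value)
            except ValueError as e:
                problems.append(str(e))
        elif key == "depth":
            depth = int(value)
        elif key == "dsize":
            dsize = dsize_bounds(value)
    if content is not None:
        # depth limits how far into the payload the content may end, so it must
        # be at least the content length; dsize must allow a payload that long.
        if depth is not None and depth < len(content):
            problems.append("depth %d is shorter than the %d-byte content" % (depth, len(content)))
        if dsize is not None and len(content) > dsize[1]:
            problems.append("dsize upper bound %d is smaller than the content" % dsize[1])
    return {"ok": not problems, "problems": problems, "content": content}


if __name__ == "__main__":
    for i, r in enumerate(RULES, 1):
        # 17 03 01 00: in TLS record terms, content type 0x17 (application data)
        # and version 3.1, matched as the first 4 bytes of an exactly 5-byte payload.
        print(i, check_rule(r))
```

Running the block prints one line per option with its decoded content bytes and any syntax or consistency problems; the same checks are a cheap pre-commit lint for rule files, since a content string with an unbalanced pipe or a depth shorter than its content is rejected by Snort at load time rather than silently matching nothing.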