Write a Suricata rule for the following: Malicious traffic is currently being sent once per minute to
Question:
Write a Suricata rule for the following:
Malicious traffic is currently being sent once per minute to a vulnerable host at 192.168.1.101, to UDP port 1645. The network uses port 1645 and cannot be shut down or blocked at this time.
You must write a NIDS to notify you, via alerts, when this packet is sent.
The packets contain the ASCII text "This is just a normal AAA packet" directly followed by the distinctive hex 0xABACAB; then, 19 bytes after the hex match, is the ASCII text "theres a hole in there somewhere".
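One rule that fits the traffic described in the question, as an added example that is not part of the original page. It assumes that "19 bytes after the hex match" means 19 bytes lie between the end of 0xABACAB and the start of the second string; the `msg` text and the `sid` (taken from the local-rule range) are placeholders.

```suricata
# Added example (not from the original page). Alert only: the action is
# "alert", so traffic to UDP/1645 keeps flowing and is not dropped.
#
# content 1: the first ASCII string with the hex bytes AB AC AB directly
#            appended, written as one pattern so nothing can sit between them.
# content 2: the second ASCII string (32 bytes long).
#   distance:19 -> skip 19 bytes after the end of content 1 before searching
#   within:32   -> the 32-byte match must fit in the next 32 bytes, which
#                  pins it to exactly 19 bytes after the hex match
# msg and sid are placeholders; choose values that fit your local rule set.
alert udp any any -> 192.168.1.101 1645 (msg:"LOCAL suspicious AAA packet to 192.168.1.101 udp/1645"; content:"This is just a normal AAA packet|AB AC AB|"; content:"theres a hole in there somewhere"; distance:19; within:32; sid:1000001; rev:1;)
```

Both `content` matches are case-sensitive by default, so the rule fires only on the exact strings quoted in the question.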