[Snort-sigs] New to writing Snort Rules. Help writing a rule?
tah338 at ...3678...
Fri May 18 16:18:13 EDT 2012
I recently put Snort on a system for my work. I'm trying to configure it
by writing certain rules, but since I'm brand new to Snort, I'm having
some trouble figuring out how to write these rules. Basically, the
system I'm deploying Snort on should only be receiving traffic through
two avenues: a MySQL database and Oracle database that are linked to it.
Everything else should be picked up Snort as potentially being bad. What
I'm wondering is, how would I go about writing rules that would achieve
UNH Research Computing Center
More information about the Snort-sigs