[Snort-sigs] Snort rule for IPv6 Network

sumitkamboj88 at ...2420...
Thu Apr 18 15:23:11 EDT 2013


There are a few questions:
1) Are there different rule headers and rule options for IPv4 and IPv6
when writing Snort rules?
2) Does the PCRE rule option work for IPv6 Snort rule writing?
3) I wrote a rule for FTP brute force attack detection over an IPv6 network,
but it does not generate alerts for either IPv4 or IPv6 networks. The rule is
below:

alert tcp any 21 -> any any ( msg:"FTP Login Bruteforce(5E-30S)";
fragbits:D; flags:AP,CE; pcre:"/login:/smi"; detection_filter:track
by_src , count 5, seconds 30; classtype:attempted-user; sid:1000008; rev:1;
)

-- 
Warm Regards
Sumit Kumar
Guru Nanak Dev University, Amritsar
Mo:- 8968227299