[Snort-users] Snort rule

Joel Esler jesler at ...1935...
Mon Oct 22 11:45:05 EDT 2012


On Oct 19, 2012, at 10:25 AM, shahin ali <shahin.ali01 at ...11827...> wrote:

> Hello,
> 
>      i need help with this question. Write a snort rule to detect a DNS packet using the following details:  
> o Source IP address:     192.168.23.128  
> o Destination IP address:  192.168.23.130  
> o Write a snort rule to detect a connection attempt on the Telnet Server which has an IP  
> Address 192.168.32.129 and generate alerts for packets with content ‘Telnet!’ directed to the  
> Server.  

Hello,

This looks suspiciously like a homework question.  This is actually a really simple rule to write and if you look at http://manual.snort.org you should be able to figure it out easily.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121022/24cf9c2e/attachment.html>


More information about the Snort-users mailing list