ids:snort:snort_rule_format

Differences

This shows you the differences between two versions of the page.

ids:snort:snort_rule_format [2021/07/26 08:40] peterids:snort:snort_rule_format [2021/07/26 08:46] (current) peter
Line 4: Line 4:
  
 |Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port| |Action|Protocol|Source Address|Source Port|Direction|Destination Address|Destination Port|
 +
 +<WRAP info>
 +**NOTE:**  
 +
 +  * Action:
 +    * **alert**:  Display an alert.
 +    * **log**:  Write to Log.
 +    * **pass**:  Pass.
 +  * Direction:
 +    * **->**:  Inwards.
 +    * **<-**:  Outwards.
 +    * **<>**:  Either direction.
 +
 +</WRAP>
 +
 +
 +
  
 ---- ----
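Review bot: The Direction entries in the added NOTE mislabel the operators. `->` is given as "Inwards" and `<-` as "Outwards", but in a Snort rule `->` only means traffic flowing from the left-hand address/port pair (source) to the right-hand pair (destination); whether that is inbound or outbound depends on which networks are written on each side. `<-` is not a valid Snort direction operator, only `->` and `<>` are accepted, so that bullet should be dropped and `<>` described as bidirectional. In the Action list, "pass: Pass." explains nothing; suggest "ignore the packet", with "alert" as "generate an alert and log the packet" and "log" as "log the packet without alerting".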
Line 10: Line 27:
  
 <code> <code>
-alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet is Detected";sid:100010)+alert tcp any any -> any any(msg: "Testing Alert" ; sid:1000001) 
 + 
 +alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet on Port 21 is Detected";sid:100010) 
 + 
 +log tcp !192.168.0/24 any -> 192.168.0.33 (msg: "Remote access" ; ) 
 + 
 +log tcp any any -> 192.168.1.0/24 !6000:6010
 </code> </code>
  
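Review bot: The added rule `log tcp !192.168.0/24 any -> 192.168.0.33 (msg: "Remote access" ; )` does not match the seven-field header shown in the table above: the destination port is missing after `192.168.0.33`, and `192.168.0/24` has only three octets, so it should read `192.168.0.0/24`. It also carries no `sid`, and the stray ` ; ` before the closing parenthesis should go. In the first added rule, put a space between `any any` and `(msg:` and end the option list with a semicolon (`sid:1000001;`) so every option is terminated the same way. The retained port 21 rule still uses `sid:100010`, which falls in the range below 1,000,000 used by distributed rule sets; local rules should use 1,000,000 or above, as the new "Testing Alert" rule does. A sentence saying that the last example intentionally has no option block would help readers who might take it for a truncated rule.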
ids/snort/snort_rule_format.1627288854.txt.gz · Last modified: 2021/07/26 08:40 by peter
