2. Write 6 snort rules There are several distinct packet signatures in the packe
ID: 3734892 • Letter: 2
Question
2. Write 6 snort rules There are several distinct packet signatures in the packet trace file. In the trace file, there are 30 packets total. Your task is to create 6 new snort rules that will uniquely identify the 6 different packet signatures. ' : You should use Wireshark to open the source file, read these data packets carefully. Many packets contain suspicious information, and write snort rules to alert them. Do not write two or more rules on the same type of packets. (For example, only one rule is for HTTP packets. That means do not write two separated rules for HTTP packets.). You should use contents or flags (or both) in the rule. You are encourage to define variables. One snort rule is already shown as an example (i.e., alert icmp any any-> 192.168.10.2 any (msg"ping detected": itype:: sid:999:). Since you were already provided with the example snort rule, you need to "comment out" that the example rule in the CST4710_rules file by putting the "#" at the beginning of the line in front of the word "alert". Look though the packetExplanation / Answer
Rule#1
alert tcp $ETERNAL_NET any -> 192.168.3.0/24 80 (msg:"Samle alert";)
Rule#2
alert tcp $external_net any -> 192.168.3.0/24 7102 (msg:"IDS411/dos-realaudio";
flags:AP; content:"|fff4 fffd 07|"; reference:arachnids,IDS4211;)
Rule#3
alert tcp $external_net any -> 192.168.3.0/24 80 (content:"some_content"; gid:1000001; sid:1000983; rev:1;)
Rule#4
alert tcp $external_net any -> 192.168.3.0/24 80 (msg:"WEB-MISC phf attempt"; flags:A+;
content:"/cgi-bin/phf"; priority:10;)
Rule#5
alert tcp $external_net any -> 192.168.3.0/24 80 (msg:"HTTP Service Rule Example";
metadata:service http;)
Rule#6
Related Questions
drjack9650@gmail.com
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.