Snort Rule to detect http, https and email
I have configured Snort rules to detect ping and TCP:
alert icmp any any -> any any (msg:"ping";sid:10000001;rev:0;)
How do I configure Snort rules to detect http, https and email?
Snort rule to detect http:
alert tcp any any -> any 80 (content:"HTTP"; msg:"http test"; sid:10000100; rev:005;)
Snort rule to detect https:
alert tcp any any -> any 443 (content:"HTTPS"; msg:"https test"; sid:10000101; rev:006;)
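The following is an added example, not part of the original question or answer. It is a simplified Python model of Snort's chained `content` matching (not Snort itself), run over constructed payloads. It shows which of the rules above can fire: a TLS session on port 443 carries binary records, so the literal string "HTTPS" never appears in it. The TLS ClientHello and SMTP patterns, and all function names, are assumptions that are not on the page.

```python
# Added example: simplified model of Snort "content" matching, not Snort itself.
import struct

def tls_client_hello():
    """Constructed, minimal TLS record (not a complete ClientHello):
    type 0x16 (handshake), version 03 01, length, then handshake type 0x01."""
    body = b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session id
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

# Constructed first client payloads for each service.
SAMPLES = {
    "http": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "https": tls_client_hello(),
    "smtp": b"EHLO client.example.test\r\nMAIL FROM:<a@example.test>\r\n",
}

def content_match(payload, contents):
    """Evaluate (pattern, options) pairs in order. depth limits an absolute
    search to the first N bytes; distance skips N bytes after the previous
    match and within limits the window that follows; nocase ignores case."""
    cursor = 0
    for pattern, opts in contents:
        data = payload.lower() if opts.get("nocase") else payload
        pat = pattern.lower() if opts.get("nocase") else pattern
        relative = "distance" in opts or "within" in opts
        start = cursor + opts.get("distance", 0) if relative else 0
        end = len(data)
        for key in ("depth", "within"):
            if key in opts:
                end = min(end, start + opts[key])
        pos = data.find(pat, start, end)
        if pos < 0:
            return False
        cursor = pos + len(pat)
    return True

# Each entry models the Snort option string shown in the comment above it.
RULES = {
    # content:"HTTP";   (the page's port 80 rule)
    "page_http": [(b"HTTP", {})],
    # content:"HTTPS";  (the page's port 443 rule)
    "page_https": [(b"HTTPS", {})],
    # content:"|16 03|"; depth:2; content:"|01|"; distance:3; within:1;  (assumed)
    "tls_client_hello": [(b"\x16\x03", {"depth": 2}),
                         (b"\x01", {"distance": 3, "within": 1})],
    # content:"MAIL FROM"; nocase;  (assumed rule for SMTP, e.g. port 25)
    "smtp_mail_from": [(b"MAIL FROM", {"nocase": True})],
}

def fires(rule, sample):
    return content_match(SAMPLES[sample], RULES[rule])
```
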