Configuring rules to detect SMTP, HTTP and DNS traffic

I am currently trying to configure Snort rules to detect SMTP, HTTP and DNS traffic. Is this setup correct?

alert icmp any any -> $HOME_NET any (msg: "ICMP connection attempt"; sid:100000$
alert tcp any any -> $HOME_NET 80 (msg:"HTTP connection attempt"; sid:1000003; $
alert udp any any -> 10.8.9.39 any (msg: "DNS connection attempt"; sid:1000004;$
alert tcp $SMTP_SERVERS any -> $HOME_NET any (msg:"SMTP connection attempt"; si$

These rules are in the end correct. The documentation can be found at: https://www.snort.org/documents
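As an added example (not code from the original post or from the Snort project), the following Python checks the shape of each rule line in the question: the header fields (`action proto src sport -> dst dport`), the required `msg`, `sid` and `rev` options, and the closing parenthesis that the wrapped lines above are missing. The sample rules are constructed variants of the rules in the question, completed with `rev:1;` and a closing `)`; the port numbers and option names are assumptions for the example.

```python
import re
from typing import Optional

# Snort rule header: action proto src sport direction dst dport, then "(options)".
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)

# Options every production rule should carry (assumption for this check).
REQUIRED_OPTIONS = ("msg", "sid", "rev")

# Constructed sample rules: variants of the rules in the question.
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET 80 (msg:"HTTP connection attempt"; sid:1000003; rev:1;)',
    'alert udp any any -> $HOME_NET 53 (msg:"DNS connection attempt"; sid:1000004; rev:1;)',
    'alert tcp $SMTP_SERVERS any -> $HOME_NET 25 (msg:"SMTP connection attempt"; sid:1000005; rev:1;)',
    # Same shape as the wrapped line in the question: cut off before the closing ')'.
    'alert icmp any any -> $HOME_NET any (msg: "ICMP connection attempt"; sid:100000$',
    # Well-formed header, but sid and rev are missing.
    'alert tcp any any -> $HOME_NET 80 (msg:"no sid";)',
]


def parse_options(opts: str) -> dict:
    """Turn 'msg:"x"; sid:1; rev:1;' into a dict. Splits only on ';' outside quotes."""
    result = {}
    for part in re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', opts):
        part = part.strip()
        if not part:
            continue
        if ":" in part:
            key, value = part.split(":", 1)
            result[key.strip()] = value.strip().strip('"')
        else:
            result[part] = True  # flag-style option such as "nocase"
    return result


def parse_rule(line: str) -> Optional[dict]:
    """Return the header fields and options of one rule, or None if it does not parse."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["options"] = parse_options(fields.pop("opts"))
    return fields


def check_rule(line: str) -> list:
    """Return the problems found in one rule line; an empty list means it looks well-formed."""
    problems = []
    stripped = line.strip()
    if not stripped.endswith(")"):
        problems.append("missing closing ')' (line may be truncated)")
        return problems
    rule = parse_rule(stripped)
    if rule is None:
        problems.append("header does not match 'action proto src sport -> dst dport (options)'")
        return problems
    for name in REQUIRED_OPTIONS:
        if name not in rule["options"]:
            problems.append(f"missing required option '{name}'")
    sid = rule["options"].get("sid")
    if sid is not None and not str(sid).isdigit():
        problems.append("sid must be numeric")
    return problems


def check_rules(lines) -> dict:
    """Map each rule line to its list of problems."""
    return {line: check_rule(line) for line in lines}


if __name__ == "__main__":
    for rule_line, problems in check_rules(SAMPLE_RULES).items():
        status = "ok" if not problems else "; ".join(problems)
        print(f"{status:60s} <- {rule_line[:50]}...")
```

Running the check before loading a rules file catches the most common reasons Snort refuses to start (a missing `)` or `sid`) without having to read the parser's error output; it does not judge whether the addresses and ports chosen in a rule are the ones you actually want to alert on.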