

UUASC Snort/Acid Presentation - writing a rule


Slide 37


Note

* If you don't remember hex -> ASCII off the top of your head, you can go to http://www.asciitable.com/ or figure it out in ethereal/${your_favorite_sniffer}
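* One good rule is to set up a honeynet server and create rules that alert on any traffic sent to it:
# msg text and sid values are placeholders (sids from 1000000 up are for local rules)
alert tcp any any -> $HONEYNET any (msg:"TCP traffic to honeynet"; sid:1000001;)
alert udp any any -> $HONEYNET any (msg:"UDP traffic to honeynet"; sid:1000002;)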
Created on Wednesday 30 June 2004 by Nicholas Bernstein with KPresenter