LinuxQuestions.org - help with snort rules

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - help with snort rules (https://www.linuxquestions.org/questions/linux-security-4/help-with-snort-rules-844826/)

aikiscotsman

11-17-2010 08:24 AM

help with snort rules

Hi Im trying to write some rules for a project, one of the problems is to implement a rule that will detect an administrator login an ftp server in my network for an outside intruder. I know how to write the basic rule to detect an outside access of port 21 in my network , but struggling to implement the intruder trying as admin

plz help driving me nuts

thank you

unixfool

11-17-2010 08:55 AM

Have you tried to see if there's a rule that already exists that does that?

Check your snort rules again, or better yet, check http://emergingthreats.net (specifically, http://rules.emergingthreats.net/)

All times are GMT -5. The time now is 08:35 PM.