help with snort rules
Hi Im trying to write some rules for a project, one of the problems is to implement a rule that will detect an administrator login an ftp server in my network for an outside intruder. I know how to write the basic rule to detect an outside access of port 21 in my network , but struggling to implement the intruder trying as admin
plz help driving me nuts thank you |
Have you tried to see if there's a rule that already exists that does that?
Check your snort rules again, or better yet, check http://emergingthreats.net (specifically, http://rules.emergingthreats.net/) |
All times are GMT -5. The time now is 08:35 PM. |