LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page help with snort rules
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-17-2010, 08:24 AM   #1
aikiscotsman
LQ Newbie
 
Registered: Nov 2010
Posts: 1

Rep: Reputation: 0
help with snort rules

Hi Im trying to write some rules for a project, one of the problems is to implement a rule that will detect an administrator login an ftp server in my network for an outside intruder. I know how to write the basic rule to detect an outside access of port 21 in my network , but struggling to implement the intruder trying as admin

plz help driving me nuts

thank you
 
Old 11-17-2010, 08:55 AM   #2
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
Have you tried to see if there's a rule that already exists that does that?

Check your snort rules again, or better yet, check http://emergingthreats.net (specifically, http://rules.emergingthreats.net/)
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Snort rules timbCFCA Linux - Security 1 10-12-2009 12:42 PM
[snort] Understanding Snort Rules Fracker Linux - Security 3 04-13-2009 09:34 AM
How to write two snort detection rules to alert on packets to those rules romafiel *BSD 0 06-08-2007 07:00 PM
Snort, Rules Tredo Linux - Security 1 12-20-2004 12:36 AM
Snort Rules Canadian_2k2 Linux - Security 5 11-01-2002 10:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:12 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration