列表 1. 用于我们策略的 Snort 规则文件

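##
#       Define our network and other network
#
# OURNET is the monitored address space; OTHERNET is its negation, so a
# rule using $OTHERNET as source matches traffic coming from outside.
var OURNET 208.177.13.0/24
var OTHERNET !$OURNET
var NIDSHOST 208.177.13.251
# Portscan threshold: PORTS distinct ports within SECS seconds (consumed
# by the portscan preprocessor below).
var PORTS 10
var SECS 3
##
#       Log rules
##
# Full packet logging of inbound telnet (23), ftp (21) and finger (79)
# connections that originate outside our network.
log tcp $OTHERNET any -> $OURNET 23
log tcp $OTHERNET any -> $OURNET 21
log tcp $OTHERNET any -> $OURNET 79
##
#       Alert Rules
##
# Each rule is one line: the rule header and its "( ... )" option list
# must not be split across lines (Snort only accepts a continuation when
# the line ends with "\"). Wrapped rules are a parse error, not a rule.
alert udp any any -> $OURNET 53 (msg:"UDP IDS/DNS-version-query"; content:"version";)
alert tcp any any -> $OURNET 53 (msg:"TCP IDS/DNS-version-query"; content:"version";)
alert tcp any any -> $OURNET 80 (msg:"PHF attempt"; content:"/cgi-bin/phf";)
##
#       Load portscan pre-processor for portscan alerts
##
# Arguments: watched source space, port threshold, time window, log file.
# The log path belongs on the same line as the other arguments.
preprocessor portscan: $OTHERNET $PORTS $SECS /var/log/snort/pscan_alerts
preprocessor portscan-ignorehosts: $OURNET
##
#       Pass Rules (Ignore)
##
# Pass rules are deliberate blind spots: matching traffic is neither
# logged nor alerted on, so keep them as narrow as the policy allows.
# NOTE(review): classic Snort applies alert rules before pass rules
# unless started with -o (pass -> alert -> log); confirm the run-time
# flags, otherwise these rules do not suppress the alerts above.
pass tcp $OURNET any -> $OTHERNET 80
# NOTE(review): this ignores *all* UDP where both ports are >= 1024, in
# either direction -- including any high-port UDP service on $OURNET.
# Consider restricting it to the hosts/ports that actually need it.
pass udp any 1024:  <> any 1024:
# Matches on source port 22 to the sensor's port 22 only; this is not
# the same as "all SSH to the sensor", which would use "any any".
pass tcp any 22 -> $NIDSHOST 22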