Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, and Dynamic are some of the important actions used in Snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example, a network administrator has written the following rule:

alert tcp any any -> any 6667 (msg:"IRC port in use"; flow:from_client;)

The first portion of the rule, the header, specifies the action (alert) and the traffic to examine, which is TCP traffic to port 6667. If a match occurs, a message is generated that reads "IRC port in use", and the IDS creates a record that an IRC port might have been accessed.
