Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

Rooting webhost

r00ting a webhost Introduction: Well taking over a host isnt as easy as you may think. There is a fairly big process involved and a lot of fidiling around. Below

Read More

Infection via HTML

Edit the code on what and how you need it, and yes this is detectable  in many cases, but you could insert a small FUD downloader to be  downloaded via

Read More

How to find the true location of a person from chat room (Yahoo, MSN, Jabber etc)?

How to find the persons IP from chat? How to find a person’s location from MSN, yahoo … This person is trying to cheat me through chat, how can I

Read More