Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

Its not just war; its cyber war! Israel and Gaza engaged in cyber war

News of cyber war fare is reported from the warzone! News bases sites, telecommunication etc are the initial targets on both sides. Israel and the Arab world are showing mastery

Read More

Reverse SSH Tunneling (NAT)

Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with reverse SSH tunneling. This document will show you step by step how

Read More

Critical SQL Injection in Perfect Magazine

PlanetCreator has reported another critical SQL Injection (vulnerability) on Perfect Magazine : Myanmar Fashion, Entertainment, News, Wrtitings and Asrology for all myanmar people http://www.perfectmagazineonline.com This vulnerability has been alerted to

Read More