Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

What are worms?

Worms are programs that replicate themselves from one system to another without using a host file. Although in most cases worms exist inside files, such as Word or Excel documents,

Read More

Waledac, the Geo-Targeted Malware

Malware authors are using IP tracking methods to deliver the latest variant of malware. It’s reported that the malware Waledec sends localized news to the victims using GeoIP technologies. The

Read More

How to Detect a Hacker Attack

If a hacker breaks into your computer, just noses around, and makes no changes to your computer, it’s not easy to tell he’s been there. There’s no alert that says,

Read More