Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

Critical Blind SQL Injection in MRTV4 (Myanmar)

PlanetCreator reported another Critical Blind SQL injection (vulnerability) on MRTV4 (Myanmar) URL : http://www.mrtv4.net.mm/ SQL injection is a code injection technique that exploits a security vulnerability occurring in the database

Read More

Double Your Defense with a Double Firewall

If you have a home network router, your computer and other computers on the network (such as your spouse’s laptop and your children’s computer) are protected from the outside world.

Read More

Dont be scared! It’s just a scareware. About latest scareware’s

Scarewares are the latest online menace, which attempt to scare you and thus make you buy fake fix solutions to cure your perfectly working computer system. They would appear as

Read More