Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

Credit card fraud! How to protect ourselves from this identify theft?

Credit card or the plastic money has given us lot of convenience on the good side and hell lot of head ache on the bad side. Credit card fraud as

System User on XP

Here is the article on the available ways to logon/scalate to SYSTEM user on XP… Enjoy Logon as “NT AUTHORITY\SYSTEM” user on Windows XP %% BY EDU %% [-Introduction-]Windows XP

What is NetBIOS?

NetBIOS is a Microsoft service that enables applications on different computers to communicate within a LAN. NetBIOS systems identify themselves with a 15-character unique name and use Server Message Block,