Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

Local File Inclusion (LFI) tutorial

This tutorial will guide you into the process of exploiting a website through the LFI (Local File Inclusion). First lets take a look at a php code that is vulnerable

Read More

How to find the true location of a person from chat room (Yahoo, MSN, Jabber etc)?

How to find the persons IP from chat? How to find a person’s location from MSN, yahoo … This person is trying to cheat me through chat, how can I

Read More

Several avast sites were defaces

Last month, eight sites at once well-known anti-virus solutions avast!  Were defaces: http://www.avast.co.za/ (mirror; date: 2010-01-22 15:06:28) http://awast.org/ (mirror; date: 2010-02-18 18:57:27) http://www.avast.de/ (mirror; date: 2010-02-18 18:58:01) http://shop.avast.de/ (mirror; date:

Read More