Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

Online Services

Gathering information: (set) http://www.subnetonline.com/ (set) http://ping.eu/ (ping, dns_tools, traceroute, web_tools) http://serversniff.net/ (DIG / nslookup, whois, traceroute) http://networking.ringofsaturn.com/Tools/ (whois, dns_tools, service_scan, traceroute) http://centralops.net/co/DomainDossier.aspx (whois, dns_tools, domain_search) http://www.whois.ws/ (whois, dns_tools) http://www.robtex.com/ (whois)

Read More

Critical XSS Vulnerability in Irrawaddy News Magazine http://www.irrawaddy.org

PlanetCreator has reported another critical XSS vulnerability on http://www.irrawaddy.org owned by Irrawaddy Publishing Group These are some information from Vulneral Site http://www.irrawaddy.org Cross-site scripting (XSS) is a type of computer

Read More

Firewall: Shut Out the Hackers

This book discusses many of the security tools you can use to defend your computer against digital threats. An antivirus program and anti-spyware programs are critical; however, the third key

Read More