Hey, wassup Y’all?
I can't do the second rule in the Snort IDS.
The question is: “IDS: On the Ubuntu system, create a local Snort rule to alert on traffic to and from TCP port 1337. The alert message should read “LEET Detected”.
(Hint: You will need two rules.)”
I did the following rules in the /etc/snort/rules/local.rules:
alert tcp any any -> any 1337 (msg:"LEET Detected"; ) - Worked
alert tcp any 1337 -> any any (msg:"LEET Detected"; ) - Did not work
alert tcp any 1337 -> any 1337 (msg:"LEET Detected"; ) - Did not work
alert tcp any any <- any 1337 (msg:"LEET Detected"; ) - Did not work
alert tcp any 1337 <- any any (msg:"LEET Detected"; ) - Did not work
When I run the script called checksnortrule.sh on the Ubuntu Desktop, it gives the message: “alert tcp any any -> any 1337 (msg:"LEET Detected"; )
First rule is correct.”
Thanks