
List:       snort-sigs
Subject:    [Snort-sigs] Snort rule for IPv6 Network
From:       "sumitkamboj88 () gmail ! com" <sumitkamboj88 () gmail ! com>
Date:       2013-04-18 19:35:11
Message-ID: CAHCspA_rHOfhY3XbR3uL61xBT+6vi7gaowJv8sRnP+ewLA5NEw () mail ! gmail ! com

There are a few questions:
1) Are there different rule headers and rule options for IPv4 and IPv6
when writing Snort rules?
2) Does the PCRE rule option work when writing Snort rules for IPv6?
3) I wrote a rule for FTP brute force attack detection over an IPv6 network,
but it does not generate an alert for either IPv4 or IPv6 networks. The rule
is below:

alert tcp any 21 -> any any ( msg:"FTP Login Bruteforce(5E-30S)";
fragbits:D; flags:AP,CE; pcre:"/login:/smi"; detection_filter:track
by_src , count 5, seconds 30; classtype:attempted-user; sid:1000008; rev:1;
)

-- 
Warm Regards
Sumit Kumar
Guru Nanak Dev University, Amritsar
Mo:- 8968227299
