Snort mailing list archives

Snort rule for IPv6 Network
From: "sumitkamboj88 () gmail com" <sumitkamboj88 () gmail com>
Date: Fri, 19 Apr 2013 00:53:11 +0530

There are a few questions:
1) Are there different rule headers and rule options for IPv4 and IPv6
when writing Snort rules?
2) Does the PCRE rule option work when writing Snort rules for IPv6?
3) I wrote a rule for FTP brute force attack detection over an IPv6 network,
but it does not generate alerts for either IPv4 or IPv6 networks. The rule is
below:

alert tcp any 21 -> any any ( msg:"FTP Login Bruteforce(5E-30S)"; fragbits:D; flags:AP,CE; pcre:"/login:/smi"; detection_filter:track by_src , count 5, seconds 30; classtype:attempted-user; sid:1000008; rev:1; )

-- 
Warm Regards
Sumit Kumar
Guru Nanak Dev University, Amritsar
Mo:- 8968227299
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
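
An added example, not part of the original post and not Snort's own code: a simplified Python model of the posted rule's header, pcre and detection_filter, run over constructed FTP server replies, to check the payload and rate logic for an IPv4 and an IPv6 session side by side. The 530 reply text, the addresses, the REPLY_530 pattern and the windowing model are assumptions; fragbits and flags are not modelled.

```python
import re

# pcre:"/login:/smi" from the posted rule; s, m, i map to DOTALL, MULTILINE, IGNORECASE.
POSTED_PCRE = re.compile(rb"login:", re.S | re.M | re.I)
# Assumption: a failed FTP login is signalled by the RFC 959 reply code 530.
REPLY_530 = re.compile(rb"^530\s", re.M)


class DetectionFilter:
    """Simplified model of detection_filter: a match passes only once the
    tracked host has produced more than `count` matches within `seconds`."""

    def __init__(self, count, seconds):
        self.count, self.seconds = count, seconds
        self.state = {}  # tracked host -> (window start, matches so far)

    def exceeded(self, host, ts):
        start, n = self.state.get(host, (ts, 0))
        if ts - start > self.seconds:  # window expired, start counting again
            start, n = ts, 0
        self.state[host] = (start, n + 1)
        return n + 1 > self.count


def sample_events():
    """Constructed traffic: 7 failed-login replies per session, one IPv4, one IPv6.
    Tuple layout: (time, src, sport, dst, dport, payload)."""
    sessions = (("192.0.2.10", "198.51.100.7"), ("2001:db8::10", "2001:db8::bad"))
    return [(i * 2, server, 21, client, 40000, b"530 Login incorrect.\r\n")
            for server, client in sessions for i in range(7)]


def run(pattern, track, count=5, seconds=30):
    """Apply the header 'tcp any 21 -> any any', the payload regex, then the filter."""
    filt = DetectionFilter(count, seconds)
    alerts = []
    for ts, src, sport, dst, dport, payload in sample_events():
        if sport != 21 or not pattern.search(payload):
            continue
        host = src if track == "by_src" else dst
        if filt.exceeded(host, ts):
            alerts.append((ts, host))
    return alerts


if __name__ == "__main__":
    print("posted pcre, by_src:", run(POSTED_PCRE, "by_src"))
    print("530 reply,  by_src:", run(REPLY_530, "by_src"))
    print("530 reply,  by_dst:", run(REPLY_530, "by_dst"))
```

In this model the posted pattern matches none of the sample replies for either address family, and because the header's source side is port 21, `track by_src` counts per FTP server while `by_dst` counts per client.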

