Port scanning interface _ Snort rules for port scanning


Snort rules

Well, for that you should read a book that introduces Snort rules, or the official manual (the Snort manual).

Every Snort rule is split into a rule header and a rule body. Take the first rule, for example:

alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP missing community string attempt"; content:"|04 00|"; depth:15; offset:5; metadata:service snmp; reference:bugtraq,2112; reference:cve,1999-0517; classtype:misc-attack; sid:1893; rev:6;)

159 0 2023-04-07 Port scanning
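To make the header/body split concrete, here is an added example (not from the post above, and not Snort's own parser) that takes the SNMP rule quoted in the answer and breaks it into the seven header fields (action, protocol, source address, source port, direction, destination address, destination port) and the semicolon-separated options inside the parentheses. The field names `HEADER_FIELDS`, the function names and the sample rule constant are assumptions made for this example; the rule text itself is the one from the answer. The parser is deliberately strict about the direction operator, so a rule whose `->` was mangled into `-` (as happens when rules are pasted into web pages) is rejected instead of silently misread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the rule quoted in the answer above, copied verbatim.
SAMPLE_RULE = (
    'alert udp $EXTERNAL_NET any -> $HOME_NET 161 '
    '(msg:"SNMP missing community string attempt"; content:"|04 00|"; depth:15; '
    'offset:5; metadata:service snmp; reference:bugtraq,2112; '
    'reference:cve,1999-0517; classtype:misc-attack; sid:1893; rev:6;)'
)

# The seven whitespace-separated fields that make up a Snort rule header (assumed names).
HEADER_FIELDS = ("action", "protocol", "src", "src_port", "direction", "dst", "dst_port")
VALID_DIRECTIONS = ("->", "<>")


def split_options(body: str) -> List[Tuple[str, Optional[str]]]:
    """Split the rule body into (keyword, value) pairs.

    A ';' inside double quotes (for example in msg:"a; b") must not end an
    option, and a backslash escapes the next character, so the body is walked
    character by character instead of using str.split(';').
    """
    options: List[Tuple[str, Optional[str]]] = []
    current: List[str] = []
    in_quotes = False
    escaped = False

    def flush() -> None:
        token = "".join(current).strip()
        if token:
            key, sep, value = token.partition(":")
            options.append((key.strip(), value.strip() if sep else None))
        current.clear()

    for ch in body:
        if escaped:
            current.append(ch)
            escaped = False
            continue
        if ch == "\\":
            current.append(ch)
            escaped = True
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            flush()
        else:
            current.append(ch)
    flush()  # body may end without a trailing ';'
    return options


def parse_rule(rule: str) -> Dict[str, object]:
    """Return {'header': {...}, 'options': [...]} for one Snort rule line."""
    rule = rule.strip()
    open_idx = rule.find("(")
    if open_idx < 0 or not rule.endswith(")"):
        raise ValueError("rule body must be enclosed in parentheses")
    header_tokens = rule[:open_idx].split()
    if len(header_tokens) != len(HEADER_FIELDS):
        raise ValueError(f"expected {len(HEADER_FIELDS)} header fields, got {len(header_tokens)}")
    header = dict(zip(HEADER_FIELDS, header_tokens))
    if header["direction"] not in VALID_DIRECTIONS:
        raise ValueError(f"bad direction operator {header['direction']!r}; expected -> or <>")
    options = split_options(rule[open_idx + 1:-1])
    if not any(key == "sid" for key, _ in options):
        raise ValueError("rule has no sid option")
    return {"header": header, "options": options}


def option_values(parsed: Dict[str, object], keyword: str) -> List[str]:
    """All values for a keyword (reference: may appear several times)."""
    return [v for k, v in parsed["options"] if k == keyword and v is not None]  # type: ignore[index]


if __name__ == "__main__":
    parsed = parse_rule(SAMPLE_RULE)
    for name, value in parsed["header"].items():  # type: ignore[union-attr]
        print(f"{name:>9}: {value}")
    for key, value in parsed["options"]:  # type: ignore[union-attr]
        print(f"  {key} = {value}")
```

Running the block prints the header fields followed by the ten options of the quoted rule; `option_values(parsed, "reference")` returns both external references, which is handy when exporting rule metadata for a detection inventory.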