[Priority: 0]
05/04-09:53:52.923922 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x52
192.168.1.5:32569 -> 192.168.10.2:53 TCP TTL:254 TOS:0x0 ID:420 IpLen:20 DgmLen:68 DF
******** Seq: 0x1A4 Ack: 0x1A4 Win: 0x200 TcpLen: 20
Rule #5

Snort alert rule:
alert udp 192.168.1.5 any -> 192.168.10.2 53 (msg:"Alert DNS with /sh"; content:"/sh"; sid: 1)

Suspicious information in packet that I want to alert: “/sh”

Snort alert output:

[**] [1:1:0] Alert DNS with /sh [**]
[Priority: 0]
05/04-09:53:52.777745 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x40
192.168.1.5:53 -> 192.168.10.2:53 UDP TTL:254 TOS:0x0 ID:82 IpLen:20 DgmLen:50 DF
Len: 22

[**] [1:1:0] Alert DNS with /sh [**]
[Priority: 0]
05/04-09:53:52.845315 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x40
192.168.1.5:53 -> 192.168.10.2:53 UDP TTL:254 TOS:0x0 ID:86 IpLen:20 DgmLen:50 DF
Len: 22

[**] [1:1:0] Alert DNS with /sh [**]
[Priority: 0]
05/04-09:53:52.715830 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x40
192.168.1.5:53 -> 192.168.10.2:53 UDP TTL:254 TOS:0x0 ID:90 IpLen:20 DgmLen:50 DF
Len: 22
Rule #6

Snort alert rule:
alert TCP 192.168.1.5 any -> 192.168.10.2 22 (msg:"Alert TCP with AAAA"; content:"AAAA"; sid: 1)

Suspicious information in packet that I want to alert: “AAAA”

Snort alert output:

[**] [1:1:0] Alert TCP with AAAA [**]
[Priority: 0]
05/04-09:53:52.800369 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x23B
192.168.1.5:42069 -> 192.168.10.2:22 TCP TTL:254 TOS:0x0 ID:83 IpLen:20 DgmLen:557 DF
****PR** Seq: 0x201F Ack: 0x3992 Win: 0x200 TcpLen: 20

[**] [1:1:0] Alert TCP with AAAA [**]
[Priority: 0]
05/04-09:53:52.809583 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x23B
192.168.1.5:42069 -> 192.168.10.2:22 TCP TTL:254 TOS:0x0 ID:84 IpLen:20 DgmLen:557 DF
****PR** Seq: 0x201F Ack: 0x3992 Win: 0x200 TcpLen: 20

[**] [1:1:0] Alert TCP with AAAA [**]
[Priority: 0]
05/04-09:53:52.819774 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x23B
192.168.1.5:42069 -> 192.168.10.2:22 TCP TTL:254 TOS:0x0 ID:85 IpLen:20 DgmLen:557 DF
****PR** Seq: 0x201F Ack: 0x3992 Win: 0x200 TcpLen: 20

[**] [1:1:0] Alert TCP with AAAA [**]
[Priority: 0]
05/04-09:53:52.670939 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x23B
192.168.1.5:42069 -> 192.168.10.2:22 TCP TTL:254 TOS:0x0 ID:87 IpLen:20 DgmLen:557 DF
****PR** Seq: 0x201F Ack: 0x3992 Win: 0x200 TcpLen: 20

[**] [1:1:0] Alert TCP with AAAA [**]
[Priority: 0]
05/04-09:53:52.680196 00:50:04:5B:64:5B -> 00:10:4B:E2:65:8E type:0x800 len:0x23B
192.168.1.5:42069 -> 192.168.10.2:22 TCP TTL:254 TOS:0x0 ID:88 IpLen:20 DgmLen:557 DF
****PR** Seq: 0x201F Ack: 0x3992 Win: 0x200 TcpLen: 20
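Rule #5 and Rule #6 are both plain content-match rules, so one added example covers both (my own illustration code, not part of the homework and not Snort's parser): a small Python matcher that reads the header and the msg/content/sid options of the two rules exactly as written above, evaluates them against constructed packets, and lints the rule set for reused sids. The header and option regexes, the Packet type and the packet payloads are assumptions of the example; it handles only the subset of rule syntax these two rules use (single IP addresses, `any` or a single port, literal content) and not CIDR blocks, port ranges, negation, `<>` or `|hex|` content.

```python
import re
from dataclasses import dataclass

# Header shape "action proto src sport -> dst dport (options)"; a deliberately small
# subset of Snort syntax (assumption of this example, not Snort's own grammar).
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# Options are "key:value;" pairs; a value may be double-quoted and contain spaces.
OPTION_RE = re.compile(r'(\w+)\s*:\s*("[^"]*"|[^;]+)\s*;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: bytes  # literal bytes only; |hex| segments are not handled here
    sid: int


@dataclass
class Packet:  # constructed for the example; not a capture from the page
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_rule(text: str) -> Rule:
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    opts_text = m["opts"].strip()
    if not opts_text.endswith(";"):  # tolerate a missing terminator on the last option
        opts_text += ";"
    opts = {k: v.strip().strip('"') for k, v in OPTION_RE.findall(opts_text)}
    return Rule(action=m["action"].lower(), proto=m["proto"].lower(),
                src=m["src"], sport=m["sport"], dst=m["dst"], dport=m["dport"],
                msg=opts["msg"], content=opts["content"].encode(), sid=int(opts["sid"]))


def _field_ok(spec: str, value) -> bool:
    return spec == "any" or spec == str(value)


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every header field must match and the payload must contain `content`.
    The content check is a case-sensitive byte search, as Snort's is without `nocase`."""
    return (rule.proto == pkt.proto
            and _field_ok(rule.src, pkt.src) and _field_ok(rule.sport, pkt.sport)
            and _field_ok(rule.dst, pkt.dst) and _field_ok(rule.dport, pkt.dport)
            and rule.content in pkt.payload)


def evaluate(rules, pkt: Packet):
    """Return (sid, msg) for every rule that fires on the packet."""
    return [(r.sid, r.msg) for r in rules if matches(r, pkt)]


def duplicate_sids(rules):
    """Map each sid used by more than one rule to the msgs that share it."""
    by_sid = {}
    for r in rules:
        by_sid.setdefault(r.sid, []).append(r.msg)
    return {sid: msgs for sid, msgs in by_sid.items() if len(msgs) > 1}


# The two rules from the page, verbatim.
RULES = [
    parse_rule('alert udp 192.168.1.5 any -> 192.168.10.2 53 (msg:"Alert DNS with /sh"; content:"/sh"; sid: 1)'),
    parse_rule('alert TCP 192.168.1.5 any -> 192.168.10.2 22 (msg:"Alert TCP with AAAA"; content:"AAAA"; sid: 1)'),
]

# Constructed sample packets (payloads are made up for the example).
DNS_PKT = Packet("udp", "192.168.1.5", 53, "192.168.10.2", 53,
                 b"\x00\x52\x01\x00\x00\x01" + b"\x07/bin/sh\x00\x00\x01\x00\x01")
SSH_PKT = Packet("tcp", "192.168.1.5", 42069, "192.168.10.2", 22, b"SSH-2.0-" + b"AAAA" * 64)
BENIGN_PKT = Packet("tcp", "192.168.1.5", 42069, "192.168.10.2", 22, b"SSH-2.0-example aaaa")

if __name__ == "__main__":
    for name, pkt in (("dns", DNS_PKT), ("ssh", SSH_PKT), ("benign", BENIGN_PKT)):
        print(name, evaluate(RULES, pkt))
    print("colliding sids:", duplicate_sids(RULES))
```

The lint result is the point worth noticing: both rules carry `sid: 1`, which is why every alert above prints the identical `[1:1:0]` prefix. Snort identifies a rule by its gid:sid pair, so colliding sids make the alerts indistinguishable to anything that keys on that prefix; the convention is to number local rules from 1000000 upward, since lower values are reserved for rules distributed with Snort. The benign packet also shows that `content` matching is case-sensitive unless `nocase` is added, so lowercase `aaaa` does not trigger Rule #6.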
  • Spring '16
  • Xia
  • User Datagram Protocol, Sid, Snort alert rule, Alert HTTP