92
Chapter 3     Working with Snort Rules
#
# This allows alerts to be classified and prioritized.  You can specify
# what priority each classification has.  Any rule can override the default
# priority for that rule.
#
# Here are a few example rules:
# 
#   alert TCP any any -> any 80 (msg: "EXPLOIT ntpdx overflow"; \
#       dsize: > 128; classtype:attempted-admin; priority:10;)
#
#   alert TCP any any -> any 25 (msg:"SMTP expn root"; flags:A+; \
#             content:"expn root"; nocase; classtype:attempted-recon;)
#
# The first rule will set its type to "attempted-admin" and override
# the default priority for that type to 10.
#
# The second rule sets its type to "attempted-recon" and sets its
# priority to the default for that type.
# 
#
# config classification:shortname,short description,priority
#
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
config classification: successful-user,Successful User Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: successful-admin,Successful Administrator Privilege Gain,1
# NEW CLASSIFICATIONS
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable code was detected,1
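
Added example, not part of the book's listing or of the Snort distribution: a Python parser for lines in the config classification format above that resolves the priority a rule ends up with, covering both the priority override and a rule whose classtype has no matching definition. The function names and the sample rules are assumptions made for this example, and the sample shortnames are written with hyphens.

```python
import re

# Constructed sample input in the classification.config format shown above.
SAMPLE_CONFIG = """\
# config classification:shortname,short description,priority
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
"""

# Constructed sample rules; the first two mirror the examples in the listing,
# the third has a misspelled classtype.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"EXPLOIT ntpdx overflow"; dsize: >128; '
    'classtype:attempted-admin; priority:10;)',
    'alert tcp any any -> any 25 (msg:"SMTP expn root"; flags:A+; '
    'content:"expn root"; nocase; classtype:attempted-recon;)',
    'alert tcp any any -> any 23 (msg:"typo"; classtype:attempted-admn;)',
]


def parse_classifications(text):
    """Return {shortname: (description, default_priority)}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("config classification:"):
            continue  # comment or blank line
        # Split at the first and last comma so a comma in the description is harmless.
        shortname, rest = line.split(":", 1)[1].split(",", 1)
        description, priority = rest.rsplit(",", 1)
        table[shortname.strip()] = (description.strip(), int(priority))
    return table


def effective_priority(rule, table):
    """Return (classtype, priority); priority is None if nothing defines it."""
    options = rule[rule.index("(") + 1 : rule.rindex(")")]
    options = re.sub(r'"[^"]*"', '""', options)  # ignore text inside quoted strings
    ctype = re.search(r"classtype\s*:\s*([^;]+);", options)
    prio = re.search(r"priority\s*:\s*(\d+)\s*;", options)
    name = ctype.group(1).strip() if ctype else None
    if prio:  # an explicit priority option overrides the classification default
        return name, int(prio.group(1))
    return name, table[name][1] if name in table else None


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(effective_priority(rule, parse_classifications(SAMPLE_CONFIG)))
```

A result with priority None marks a rule whose classtype should be checked against the classification file before the rule set is deployed.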





