Consider the following Snort rule used for examining TCP/IP packet. alert 10.2.3
Question
Consider the following Snort rule used for examining TCP/IP packets.
alert 10.2.3.1 25 -> 192.168.1.0 111
(content:"|00 ff 86 a5|"; msg: "ls -l";)
Answer true or false for the following statements:
The rule will be triggered when the destination IP address is 10.2.3.1 ____
The rule will match if the source port is 25 _________
The rule will be triggered if the packet has the directory listing command (ls -l). ___
The rule cannot check if any “mountd” command is present in a packet. ____
Explanation / Answer
False. 10.2.3.1 is the source IP address.
True. Yes, it will match if the port is 25.
False
True
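
The following Python sketch is an added example, not part of the original question or answer and not Snort's own engine: it parses the rule exactly as written above and evaluates it against constructed packets, one per statement. The packet dictionaries are constructed sample data, addresses are compared as exact strings, and the mountd RPC program number 100005 is supplied here as an assumption that does not come from the page.

```python
import re

# The rule exactly as it appears in the question (it has no protocol field).
RULE = 'alert 10.2.3.1 25 -> 192.168.1.0 111 (content:"|00 ff 86 a5|"; msg: "ls -l";)'

def decode_content(value):
    """Decode content syntax: text between |...| is hex bytes, the rest is literal."""
    out = b""
    for i, part in enumerate(value.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out

def parse_rule(text):
    """Split the rule into header fields (left of '->' is the source) and options."""
    header, options = text.split("(", 1)
    action, src_ip, src_port, arrow, dst_ip, dst_port = header.split()
    if arrow != "->":
        raise ValueError("only the -> direction operator is handled")
    opts = dict(re.findall(r'(\w+):\s*"([^"]*)"', options))
    return {"action": action,
            "src": (src_ip, int(src_port)),
            "dst": (dst_ip, int(dst_port)),
            "content": decode_content(opts["content"]),  # bytes searched in payload
            "msg": opts["msg"]}                          # alert label only

def matches(rule, pkt):
    """Return the alert message if header and content both match, else None."""
    if (pkt["src"], pkt["dst"]) != (rule["src"], rule["dst"]):
        return None
    return rule["msg"] if rule["content"] in pkt["payload"] else None

rule = parse_rule(RULE)
SRC, DST = ("10.2.3.1", 25), ("192.168.1.0", 111)

# Constructed packets (not captured traffic).
HIT = {"src": SRC, "dst": DST, "payload": b"\x00\x00\xff\x86\xa5\x00"}
REVERSED = {"src": DST, "dst": SRC, "payload": HIT["payload"]}  # 10.2.3.1 as destination
LS_TEXT = {"src": SRC, "dst": DST, "payload": b"ls -l\n"}       # msg text in payload
# Assumption: mountd is RPC program 100005, i.e. bytes 00 01 86 a5.
MOUNTD = {"src": SRC, "dst": DST, "payload": (100005).to_bytes(4, "big")}

if __name__ == "__main__":
    for name in ("HIT", "REVERSED", "LS_TEXT", "MOUNTD"):
        print(name, "->", matches(rule, globals()[name]))
```
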