Question

Create a Snort Rule. You have been investigating an apparent internal attack against your company’s Windows Server 2008 file servers. Suspicious packets have been captured during routine audits. You need to configure Snort to log these suspicious files. Your internal network address is 172.20.0.0 with a subnet mask of 255.240.0.0. Your file servers’ addresses are 172.20.0.12 and 172.20.0.13. Each of these file servers is running Snort as an HIDPS. The suspicious packets have the following characteristics: ? They have come from different systems inside your network. ? The packets all include the word release between the 1000th and 1100th bytes. ? The packets use TCP as their Transport layer protocol. ? The packets appear to be trying to exploit vulnerabilities in the Windows implementation of SMB over IP.

Write 5 full paragraphs. Please do not copy/paste from old Chegg answers or word from word using websites unless cited. No uploaded paper sheet answers.

Answer 1

You have to compose a manage to be incorporated into the tenets registry of every serevers grunt establishment. These two guidelines must be particular as convenciable with the goal that the framework logs just the bundle that meet the marks of suspicious system movement. The packets used to correct the " convenciable inward 5mb over IP Assault ." You should perform examine the past the extent of this part to locate the required data and make the principles.