Question

Please help me ASAP

Practice Writing Snort Rules" 54_Server Write a rule that will detect UDP traffic from any IP any port going to IP address 192.168.0.54 any port and print the Message "54 Server has been hit! using SID 9000001 Practico Writing Snort RuiosANRC . Write a rule that will detect TCP traffic from any IP any port going to any IP any port with the content ANRC" in it. MSG:"ANRC spotted!" SID 9000002 UDP-21 -, Write a rule that will detect UDP traffic from external IP addresses on any port going to internal IP Addresses on Port 2 SEXTERNAL NET and SHOME NET. MSS:"UD port 21 detected!" SID: 90000m ciable Names "Practice Writing Snort Rules" TCP_Binary Write a rule that will detect TCP traffic going either direction to or from an external IP address using any port going to or from an internal IP address on any port with the binary pattern 5468 AF9C27320 MSG."Bad Binary SD 9g0004 "Practice Writing Snort Rules* MS_Off Write a rule that will detect TCP traffic from any IP any port going to any IP any port with the word "microsoft" starting right after byte 16 MSG:"MS Off" SID: 9000006

Answer 1

#RULE 1

alert udp any any -> 192.168.0.54 any (msg: "54 Server has been hit!"; sid:9000001;)

#RULE 2

alert tcp any any -> any any (content: "ANRC"; msg: "ANRC spotted"; sid:9000002;)

#RULE 3

alert udp $EXTERNAL_NET any -> $HOME_NET 21 (msg: "UDP port 21 detected!"; sid:9000003;)

#RULE 4

alert tcp $EXTERNAL_NET any <-> $HOME_NET any (content: "|5468AF69C27320|"; msg:"Bad Binary!"; sid:9000004;)

#RULE 6

alert tcp any any -> any any (msg: "MS_OFF"; content:"microsoft"; offset:16; sid:9000006;)

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)