Upload files to "snort rule"

This commit is contained in:
KzAtharX 2024-07-17 10:50:44 +07:00
parent b6e134215e
commit 9821283d7b
2 changed files with 28 additions and 0 deletions

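--- a/snort rule/local.rules
+++ b/snort rule/local.rules
@@ -0,0 +1,10 @@
+alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000002; rev:1; classtype:icmp-event;)
+alert tcp any any -> $HOME_NET 80 (msg:"Web connection attempt"; sid:1000003; rev:1;)
+alert tcp any any -> $HOME_NET 9090 (msg:"Web connection attempt"; sid:1000004; rev:1;)
+alert tcp any any -> $HOME_NET 1100 (msg:"SSH connection attempt"; sid:1000005; rev:1;)
+#alert tcp any any -> $HOME_NET any (msg:"TCP Port Scanning"; sid:1000005; rev:2; detection_filter:track by_dst, count 10, seconds 1;)
+#alert udp any any -> $HOME_NET any (msg:"Testing UDP alert "; sid:1000006; rev:1)
+#alert tcp any any -> $HOME_NET any (msg:"Testing TCP alert "; sid:1000007; detection_filter:track by_dst, count 10, seconds 5;)
+#alert tcp any any -> $HOME_NET any (msg:"Testing TCP alert "; sid:1000007; rev:1;)
+alert tcp any any -> $HOME_NET 80 (flags: S; msg:"Possible DDoS Attack Type : SYN flood"; flow:stateless; sid:3; detection_filter:track by_dst, count 20, seconds 10;)
+alert tcp any any -> $HOME_NET 9090 (flags: S; msg:"Possible DDoS Attack Type : SYN flood"; flow:stateless; sid:3; detection_filter:track by_dst, count 20, seconds 10;)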
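Review bot: The two SYN-flood rules on the last two lines both carry `sid:3` with no `rev`, so Snort sees them as the same rule (gid 1, sid 3) and will reject the file or at best keep only one of them at load, and sid 3 sits inside the range reserved for Snort-distributed rules rather than the local range (1000000 and up) that the other rules in this file use. Give each its own local identifier, e.g. `sid:1000008; rev:1;` on the port-80 rule and `sid:1000009; rev:1;` on the port-9090 rule. The three "connection attempt" rules above have neither `flow` nor `flags`, so they fire on every packet to ports 80, 9090 and 1100 in either direction of an established session and one HTTP page load produces dozens of alerts; `flow:to_server,established;` or `flags:S;` would make each fire once per connection. The port-1100 rule is labelled SSH, which is presumably a lab-specific port mapping; a comment such as `# SSH is exposed on 1100 in this lab, not 22` would stop the next reader treating it as a typo.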

18
snort rule/nmap.rules Normal file

@ -0,0 +1,18 @@
alert icmp any any -> $HOME_NET any (msg: "NMAP ping sweep Scan"; dsize:0;sid:10000006; rev: 1;)
alert tcp any any -> $HOME_NET any (msg: "NMAP XMAS Tree Scan"; flags:FPU;sid:10000008; rev: 3;)
alert tcp any any -> $HOME_NET any (msg: "NMAP FIN Scan"; flags:F;sid:10000009; rev: 4;)
alert tcp any any -> $HOME_NET any (msg: "NMAP NULL Scan"; flags:0;sid:100000010; rev: 5;)
alert udp any any -> $HOME_NET any (msg: "NMAP UDP Scan";sid:100000011; rev: 6;)
# TCP SYN
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN"; flags:S; sid:11000001; rev:1;)
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN/ACK"; flags:SA; sid:11000002; rev:1;)
alert tcp any any <> 192.168.110.246 any (msg:"TCP RST"; flags:R; sid:11000004; rev:1;)
alert icmp any any <> 192.168.110.246 any (msg:"ICMP Destination Unreachable"; itype:3; sid:1100005; rev:1;)
# TCP Connect Scan
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN"; flags:S; sid:11100001; rev:1;)
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN/ACK"; flags:SA; sid:11100002; rev:1;)
#alert tcp any any <> 192.168.110.246 any (msg:"TCP ACK"; flags:A; sid:11100003; rev:1;)
alert tcp any any <> 192.168.110.246 any (msg:"TCP RST/ACK"; flags:RA; sid:11100005; rev:1;)
alert icmp any any <> 192.168.110.246 any (msg:"ICMP Destination Unreachable"; itype:3; sid:1110005; rev:1;)
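Review bot: The `TCP SYN` and `TCP SYN/ACK` rules are written twice with different sids (11000001/11000002 under `# TCP SYN`, 11100001/11100002 under `# TCP Connect Scan`) but identical match criteria, so every SYN and SYN/ACK involving 192.168.110.246 raises two alerts, and `flags:S` with no `flow` or `detection_filter` already fires on every legitimate connection the host makes or receives. Keep one copy of each and rate-limit it, e.g. `alert tcp any any -> 192.168.110.246 any (msg:"Possible SYN scan"; flags:S,12; flow:stateless; detection_filter:track by_src, count 20, seconds 5; sid:11000001; rev:2;)`, where the `,12` keeps the rule matching SYNs from stacks that set the ECN bits. The `NMAP UDP Scan` rule has no port, payload or rate condition at all, so it alerts on every UDP datagram (DNS, NTP, DHCP) and needs the same `detection_filter` treatment to mean anything. The sids are also inconsistent: `100000010`/`100000011` carry one more digit than the `10000006`-`10000009` series and `1100005`/`1110005` drop a digit from the `1100000x` series, which makes alerts hard to correlate, and the hard-coded 192.168.110.246 would be better expressed through `$HOME_NET` or a dedicated variable so the file keeps working when the lab host changes.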