19 lines
1.4 KiB
Plaintext
19 lines
1.4 KiB
Plaintext
alert icmp any any -> $HOME_NET any (msg: "NMAP ping sweep Scan"; dsize:0;sid:10000006; rev: 1;)
|
|
alert tcp any any -> $HOME_NET any (msg: "NMAP XMAS Tree Scan"; flags:FPU;sid:10000008; rev: 3;)
|
|
alert tcp any any -> $HOME_NET any (msg: "NMAP FIN Scan"; flags:F;sid:10000009; rev: 4;)
|
|
alert tcp any any -> $HOME_NET any (msg: "NMAP NULL Scan"; flags:0;sid:100000010; rev: 5;)
|
|
alert udp any any -> $HOME_NET any (msg: "NMAP UDP Scan";sid:100000011; rev: 6;)
|
|
|
|
# TCP SYN
|
|
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN"; flags:S; sid:11000001; rev:1;)
|
|
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN/ACK"; flags:SA; sid:11000002; rev:1;)
|
|
alert tcp any any <> 192.168.110.246 any (msg:"TCP RST"; flags:R; sid:11000004; rev:1;)
|
|
alert icmp any any <> 192.168.110.246 any (msg:"ICMP Destination Unreachable"; itype:3; sid:1100005; rev:1;)
|
|
|
|
# TCP Connect Scan
|
|
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN"; flags:S; sid:11100001; rev:1;)
|
|
alert tcp any any <> 192.168.110.246 any (msg:"TCP SYN/ACK"; flags:SA; sid:11100002; rev:1;)
|
|
#alert tcp any any <> 192.168.110.246 any (msg:"TCP ACK"; flags:A; sid:11100003; rev:1;)
|
|
alert tcp any any <> 192.168.110.246 any (msg:"TCP RST/ACK"; flags:RA; sid:11100005; rev:1;)
|
|
alert icmp any any <> 192.168.110.246 any (msg:"ICMP Destination Unreachable"; itype:3; sid:1110005; rev:1;)
|