You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)
The given rule syntax is consistent with Snort, a popular open-source Intrusion Detection System (IDS). The rule header reads action, protocol, source address and port, direction, destination address and port; this rule alerts when TCP traffic from any source IP and any source port is sent to a host within the 192.168.100.0/24 subnet on port 21 (FTP), and the alert carries the message "FTP on the network!".
CEH v13 course materials teach this rule format under IDS/IPS configuration.
From CEH v13 Guide:
“Snort rules are used in IDS/IPS to define suspicious traffic patterns. An example rule: alert tcp any any -> 192.168.1.0/24 21 (msg: 'FTP detected') triggers an alert on FTP traffic within a subnet.”
Incorrect Options:
A/C. iptables is used in firewalls and routers but follows a completely different syntax.
B. FTP servers do not use such alerting rules.
Reference – CEH v13 Study Guide:
Module 12: Evading IDS, Firewalls, and Honeypots
Section: Snort IDS Configuration
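To make the rule semantics concrete, here is a small Python evaluator that parses a Snort-style rule header and checks it against a few constructed flow tuples. This is an added example and not Snort's own parser nor code from the CEH materials; it supports only a minimal subset of the header grammar (literal IPs/CIDRs, `any`, `!` negation, single ports and `lo:hi` ranges, the `msg` option) and ignores Snort variables such as `$HOME_NET`, address lists and payload options.

```python
import ipaddress
import re

# The rule from the question, with straight quotes (Snort requires them).
RULE = 'alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)'

# action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)


def parse_rule(rule):
    """Split a Snort rule into its header fields and a dict of options."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("not a Snort rule header: %r" % rule)
    fields = m.groupdict()
    options = {}
    # Toy option split: a real parser must honour escaped ';' inside msg/content.
    for opt in fields.pop('opts').split(';'):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(':')
        options[key.strip()] = val.strip().strip('"')
    fields['options'] = options
    return fields


def _addr_matches(spec, ip):
    if spec == 'any':
        return True
    negate = spec.startswith('!')
    net = ipaddress.ip_network(spec.lstrip('!'), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def _port_matches(spec, port):
    if spec == 'any':
        return True
    negate = spec.startswith('!')
    spec = spec.lstrip('!')
    if ':' in spec:                      # range, e.g. 1024: or 20:21
        lo, _, hi = spec.partition(':')
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(spec)
    return hit != negate


def _endpoints_match(r, src, sport, dst, dport):
    return (_addr_matches(r['src'], src) and _port_matches(r['sport'], sport)
            and _addr_matches(r['dst'], dst) and _port_matches(r['dport'], dport))


def rule_matches(rule, pkt):
    """pkt is a dict with keys proto, src, sport, dst, dport."""
    r = parse_rule(rule) if isinstance(rule, str) else rule
    if r['proto'] not in ('any', 'ip') and r['proto'] != pkt['proto']:
        return False
    fwd = _endpoints_match(r, pkt['src'], pkt['sport'], pkt['dst'], pkt['dport'])
    if r['dir'] == '->':                 # unidirectional: only client -> server
        return fwd
    # '<>' also matches the reply direction
    return fwd or _endpoints_match(r, pkt['dst'], pkt['dport'], pkt['src'], pkt['sport'])


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    {'proto': 'tcp', 'src': '10.0.0.5', 'sport': 51234, 'dst': '192.168.100.7', 'dport': 21},   # FTP control: alert
    {'proto': 'tcp', 'src': '10.0.0.5', 'sport': 51235, 'dst': '192.168.100.7', 'dport': 22},   # SSH: no alert
    {'proto': 'tcp', 'src': '192.168.100.7', 'sport': 21, 'dst': '10.0.0.5', 'dport': 51234},   # server reply: '->' does not match
    {'proto': 'udp', 'src': '10.0.0.5', 'sport': 51234, 'dst': '192.168.100.7', 'dport': 21},   # wrong protocol
    {'proto': 'tcp', 'src': '10.0.0.5', 'sport': 4444, 'dst': '192.168.200.7', 'dport': 21},    # outside the subnet
]


def evaluate(rule, flows):
    """Return one alert line per flow the rule fires on."""
    r = parse_rule(rule)
    alerts = []
    for f in flows:
        if rule_matches(r, f):
            alerts.append('[%s] %s %s:%d -> %s:%d' % (
                r['action'].upper(), r['options'].get('msg', ''),
                f['src'], f['sport'], f['dst'], f['dport']))
    return alerts


if __name__ == '__main__':
    for line in evaluate(RULE, SAMPLE_FLOWS):
        print(line)
```

Only the first flow fires: the SSH flow fails the port test, the reply packet fails because `->` is unidirectional, the UDP flow fails the protocol test, and 192.168.200.7 lies outside 192.168.100.0/24. Flipping the rule's direction operator to `<>` makes the reply packet match as well, which is the practical difference between the two operators when tuning such rules.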