Snort rules are the conditions specified by a Network Administrator that differentiate between normal Internet activities and malicious activities. Snort rules are made up of two basic parts:

* Rule header: This is the part of any rule where the rule’s actions are identified. Alert, Log, Pass, Activate, Dynamic, etc. are some important actions used in snort rules.
* Rule options: This is the part of any rule where the rule’s alert messages are identified.

For example: A Network Administrator has written the following rule:

Alert tcp any -> any 6667 (msg:”IRC port in use”; flow:from_client)

The first portion of the rule specifies the action, which is to examine port 6667 traffic. If a match occurs, a message should be generated that reads “IRC port is in use”, and the IDS would create a record that an IRC port might have been accessed.

Explore More

You’ve Hired a Hacker (Section 4)

Section 4: Stimulus and response 4.1: My hacker did something good, and I want to reward him. Good! Here are some of the things most hackers would like to receive

Read More

FEMA Phones Get Hacked

If you are going to hack a phone system, do you really want to hack the Department of Homeland Security? That’s what happened this weekend when someone made hundreds of

Read More

Hacked Information and Proof of Concept @ PlanetCreator.net

“Hacking” In this category, We’re going to post Hacker’s proof-of-concept. Unless you know how to hack, you can not defend yourself from hackers. We’ll know how hack hacks and how

Read More