TCPdump & Snort - Intrusion Detection Systems
Visual Examples

FTP security problem with site exec command
content:"SITE"; nocase; content:"EXEC"; nocase; distance:0;
53 49 54 45 20 20 20 20 45 58 45 43  SITE    EXEC
20 2F 62 69 6E 2F 73 68  /bin/sh

Checking how much and which data follows
content:"SITE"; nocase; content:!"|0a|"; within:50;
53 49 54 45 20  SITE
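
The two rule fragments above, modelled in Python as an added example (not from the original slides or from Snort itself) to show what distance:0 and a negated content with within:50 actually test. The function names are hypothetical, every sample payload except the slide's hex dump is constructed, and the model assumes that a payload ending inside the 50-byte window counts as "newline not found".

```python
# Added example: simplified model of the two Snort content checks on this slide.
# Function names are hypothetical; payloads other than SLIDE are constructed.

def ends_of(payload: bytes, pattern: bytes):
    """Yield the offset just past each case-insensitive match (nocase)."""
    hay, needle = payload.lower(), pattern.lower()
    pos = hay.find(needle)
    while pos != -1:
        yield pos + len(needle)
        pos = hay.find(needle, pos + 1)


def site_exec(payload: bytes) -> bool:
    """content:"SITE"; nocase; content:"EXEC"; nocase; distance:0;"""
    # distance:0 -> the search for EXEC starts right where SITE ended, so
    # EXEC must follow SITE, but any number of bytes may separate the two.
    return any(payload.lower().find(b"exec", end) != -1
               for end in ends_of(payload, b"SITE"))


def site_without_newline(payload: bytes, within: int = 50) -> bool:
    """content:"SITE"; nocase; content:!"|0a|"; within:50;"""
    # Negated content: match when no 0x0a occurs in the `within` bytes after
    # SITE. Assumption: a payload ending inside the window is "not found".
    return any(b"\x0a" not in payload[end:end + within]
               for end in ends_of(payload, b"SITE"))


# Bytes from the slide's hex dump: "SITE    EXEC /bin/sh"
SLIDE = bytes.fromhex("53 49 54 45 20 20 20 20 45 58 45 43 20 2F 62 69 6E 2F 73 68")
SAMPLES = {
    "slide payload": SLIDE,
    "mixed case": b"site exec ls\r\n",
    "EXEC before SITE": b"EXEC SITE\r\n",
    "normal SITE command": b"SITE CHMOD 644 index.html\r\n",
    "long SITE argument": b"SITE " + b"A" * 200 + b"\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} site_exec={site_exec(data)!s:5} "
              f"no_newline_in_50={site_without_newline(data)}")
```
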
TCPdump & Snort, Thomas Fischer, February 3, 2010, Page 30