TCPdump & Snort - Intrusion Detection Systems
Visual Examples

FTP security problem with site exec command
content:"SITE"; nocase; content:"EXEC"; nocase; distance:0;
53 49 54 45 20 20 20 20 45 58 45 43    SITE    EXEC
20 2F 62 69 6E 2F 73 68                 /bin/sh

Checking how much and which data follows
content:"SITE"; nocase; content:!"|0a|"; within:50;
53 49 54 45 20                         SITE
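
Added example (not from the original slides): a simplified Python model of how the two option chains above are evaluated against a payload, useful for checking what a rule will and will not alert on. The function names and the constructed sample payloads are assumptions, and the model assumes that a search window cut short by the end of the payload is searched as-is.

```python
# Simplified model of the two option chains on the slide; this is not Snort's engine.
WITHIN = 50  # from "within:50;"

# Bytes shown in the slide's hex dump: "SITE    EXEC /bin/sh"
SLIDE = bytes.fromhex("53 49 54 45 20 20 20 20 45 58 45 43 20 2F 62 69 6E 2F 73 68")


def find_all(payload: bytes, pattern: bytes, nocase: bool = True):
    """Yield the end offset of every occurrence of pattern in payload."""
    hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
    pos = hay.find(needle)
    while pos != -1:
        yield pos + len(needle)
        pos = hay.find(needle, pos + 1)


def site_exec(payload: bytes) -> bool:
    """content:"SITE"; nocase; content:"EXEC"; nocase; distance:0;"""
    # distance:0 -> EXEC may start anywhere at or after the end of the SITE match,
    # so padding between the two keywords does not hide the command.
    return any(b"exec" in payload[end:].lower() for end in find_all(payload, b"SITE"))


def site_no_newline(payload: bytes) -> bool:
    """content:"SITE"; nocase; content:!"|0a|"; within:50;"""
    # Negated content: true when no 0x0a occurs in the 50 bytes after SITE,
    # i.e. the command line runs on for at least that long without ending.
    return any(b"\x0a" not in payload[end:end + WITHIN]
               for end in find_all(payload, b"SITE"))


if __name__ == "__main__":
    samples = [  # constructed payloads, except SLIDE
        SLIDE,
        b"site exec /bin/sh\r\n",
        b"EXEC SITE\r\n",
        b"SITE CHMOD 644 file.txt\r\n",
        b"SITE " + b"A" * 200 + b"\r\n",
    ]
    for p in samples:
        print(f"{p[:30]!r:40} exec={site_exec(p)} no_newline={site_no_newline(p)}")
```

In this model a payload that ends before any newline arrives also satisfies the negated test, which is worth keeping in mind when tuning such a rule against fragmented FTP commands.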
TCPdump & Snort, Thomas Fischer, February 3, 2010, Page 30