[SOLVED] Which part of the attack signatures (SNORT Rules) is compared with the input IPV4 packet to know it is an attack or not?

MSAKARIM · Dec 31, 2020

In the Intrusion Detection System (Network-based).
Which part of the attack signatures (SNORT Rules) is compared with the input IPV4 packet to know it is an attack or not

finlay31 · Feb 19, 2021

Yes. I do have the same doubt. Can anyone help?

MSAKARIM · Mar 1, 2021

finlay31 said:
Yes. I do have the same doubt. Can anyone help?

I found it, the "content" part of the rule is compared with each part in the payload.

[SOLVED] Which part of the attack signatures (SNORT Rules) is compared with the input IPV4 packet to know it is an attack or not?

MSAKARIM

Full Member level 3

finlay31

Newbie level 4

MSAKARIM

Full Member level 3

Similar threads

[SOLVED] Which part of the attack signatures (SNORT Rules) is compared with the input IPV4 packet to know it is an attack or not?

MSAKARIM

Full Member level 3

finlay31

Newbie level 4

MSAKARIM

Full Member level 3

Similar threads

Privacy & Transparency

Privacy & Transparency