Which of the following rules are correct for this situation:
You are configuring Snort rules and want an alert message of "Attempted FTP" on any FTP packet originating from an outside IP and destined for one of your internal hosts.

A alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:″Attempted FTP″)

explanation

The syntax for Snort rules is the same: action protocol src address src port -> dest address port (options).

Take more free practice tests for other PASSEMALL topics with our ceh training now!

Comments