Snort
눈꽃산행
2019. 3. 8. 18:17
Regular expressions (PCRE): Perl Compatible Regular Expressions
Rule Header
# Actions, Protocols, Sip (source IP), Sport (source port), Dip (destination IP), Dport (destination port), Options
1. Rule Actions : Alert (detect), Drop, Reject (block), Pass (no detection), Log (record)
2. Protocols : TCP, UDP, ICMP, IP, ANY
3. IP Address : Any, !192.168.1.0/24, 192.168.1.1
4. Port Numbers : Any, 80, 80:110
5. Direction Operator : ->, <>
Example:
alert tcp any any -> any 80 (msg:"Snort Test";content:"GET";)
alert tcp any any -> any 81:65535 (content:"snort_test";)
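
An added example, not part of the original note: a small Python validator that splits a rule into the header fields listed above and checks each one against the values the note enumerates. The function names (`parse_rule`, `check_ip`, `check_port`) are made up for illustration, and only the forms shown in the note are handled; Snort variables such as `$HOME_NET`, address lists and open-ended port ranges are out of scope.

```python
import ipaddress
import re

ACTIONS = {"alert", "drop", "reject", "pass", "log"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip", "any"}
DIRECTIONS = {"->", "<>"}

def check_ip(field):
    """Accept any, a host address or a CIDR block, optionally negated with '!'."""
    value = field[1:] if field.startswith("!") else field
    if value.lower() != "any":
        ipaddress.ip_network(value, strict=False)  # raises ValueError if malformed

def check_port(field):
    """Accept any, a single port (80) or a low:high range (80:110)."""
    if field.lower() == "any":
        return
    parts = field.split(":")
    if len(parts) > 2 or not all(p.isdecimal() and int(p) <= 65535 for p in parts):
        raise ValueError(f"bad port field: {field!r}")
    if len(parts) == 2 and int(parts[0]) > int(parts[1]):
        raise ValueError(f"reversed port range: {field!r}")

def parse_rule(rule):
    """Return the seven header fields and the options of one rule as a dict."""
    m = re.match(r"\s*([^()]+?)\s*\((.*)\)\s*$", rule)
    if not m:
        raise ValueError("missing (options) section")
    fields = m.group(1).split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 header fields, got {len(fields)}")
    action, proto, sip, sport, direction, dip, dport = fields
    for name, value, allowed in (("action", action.lower(), ACTIONS),
            ("protocol", proto.lower(), PROTOCOLS), ("direction", direction, DIRECTIONS)):
        if value not in allowed:
            raise ValueError(f"unknown {name}: {value!r}")
    for ip, port in ((sip, sport), (dip, dport)):
        check_ip(ip)
        check_port(port)
    options = {}
    for opt in re.split(r"(?<!\\);", m.group(2)):  # ';' ends an option unless escaped
        if opt.strip():
            key, _, val = opt.partition(":")
            options[key.strip()] = val.strip().strip('"')
    return dict(action=action, proto=proto, sip=sip, sport=sport,
                direction=direction, dip=dip, dport=dport, options=options)

RULES = ['alert tcp any any -> any 80 (msg:"Snort Test";content:"GET";)',  # from the note
         'alert tcp any any -> any 81:65535 (content:"snort_test";)']
```

Calling `parse_rule` on a rule with an unlisted action, a malformed address or a port above 65535 raises `ValueError` with the offending field in the message.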