- 11-17-2010 #1 (Just Joined!, Join Date: Nov 2010, Posts: 1)
Help with snort rules
Hi, I'm trying to write some rules for a project. One of the problems is to implement a rule that will detect an administrator login to an FTP server in my network by an outside intruder. I know how to write the basic rule to detect an outside access of port 21 in my network, but I'm struggling to implement the intruder trying as admin.
Please help, it's driving me nuts.
Thank you.
- 11-18-2010 #2 (Just Joined!, Join Date: Nov 2009, Posts: 53)
Off the top of my head, I can't tell you. However, let's look at what you need to do.
You have the rule that detects the remote connect request to port 21, right? You need to get hold of what username is subsequently being used for the login. Having got it, look it up in /etc/passwd and see if it is either root's id or in the same group as root.


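The check described in reply #2, as an added example that is not code from either poster: it pulls the name out of FTP `USER` commands in captured client-to-server bytes and looks it up in passwd-format data for uid 0 or primary gid 0. The function names, the sample passwd entries and the sample payload are constructed for illustration, and it assumes the monitoring host has a copy of the FTP server's passwd file.

```python
import re

# Constructed sample data in /etc/passwd format (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:alt root:/root:/bin/sh
backup:x:34:0:backup operator:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ftp:x:116:124:ftp daemon:/srv/ftp:/usr/sbin/nologin
"""

# FTP login command on the control channel: "USER <name>\r\n"; the verb is
# case-insensitive, the account name is compared exactly as sent.
USER_CMD = re.compile(rb"^USER[ \t]+([^\r\n]+?)[ \t]*\r?$",
                      re.IGNORECASE | re.MULTILINE)

def load_privileged(passwd_text):
    """Return {username: reason} for accounts with uid 0 or primary gid 0."""
    privileged = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4:
            continue  # skip comments and malformed entries
        name, uid, gid = fields[0], fields[2], fields[3]
        if uid == "0":
            privileged[name] = "uid 0"
        elif gid == "0":
            privileged[name] = "primary gid 0"
    return privileged

def check_payload(payload, privileged):
    """Return [(username, reason)] for privileged names seen in USER commands."""
    hits = []
    for match in USER_CMD.finditer(payload):
        name = match.group(1).decode("ascii", "replace")
        if name in privileged:
            hits.append((name, privileged[name]))
    return hits

if __name__ == "__main__":
    privileged = load_privileged(SAMPLE_PASSWD)
    # Constructed client-to-server bytes from one FTP control connection.
    payload = b"user root\r\nPASS example\r\nUSER alice\r\nUSER backup\r\n"
    for name, reason in check_payload(payload, privileged):
        print(f"ALERT: FTP login attempt as {name} ({reason})")
```

This covers only uid 0 and primary group 0; supplementary membership of root's group lives in /etc/group and would need a second lookup.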