Chapter 8. Snort Rules
In This Toolbox
In this chapter you will learn how to write your own custom Snort rules. You will also learn methods of testing and optimizing the rules for speed and accuracy.
Writing Basic Rules
Snort uses a simple to learn rule format that is flexible enough to cater for even the most complex situations. Each rule comprises two logical sections, the rule header and the rule options. The header contains the appropriate action to take if the rule is triggered. Along with the protocol to match, the source and destination IP (Internet Protocol) addresses, netmasks, and the source and destination ports.
The rule options section ...
Get Nessus, Snort, and Ethereal Power Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.