Chapter 8. Snort Rules

In This Toolbox

In this chapter you will learn how to write your own custom Snort rules. You will also learn methods of testing and optimizing the rules for speed and accuracy.

Writing Basic Rules

Snort uses a simple-to-learn rule format that is flexible enough to cater for even the most complex situations. Each rule comprises two logical sections: the rule header and the rule options. The header contains the action to take if the rule is triggered, along with the protocol to match, the source and destination IP (Internet Protocol) addresses, netmasks, and the source and destination ports.

The rule options section ...
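The header/options split described above can be seen by parsing a rule into its parts. This is an added example, not code from the book: the sample rule is constructed, and the direction operator, action list and option keywords it uses come from standard Snort rule syntax rather than from this excerpt.

```python
import re

ACTIONS = {"alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port",
                 "direction", "dst_ip", "dst_port")

# Constructed sample rule; the addresses, message and sid are illustrative only.
SAMPLE_RULE = ('alert tcp $EXTERNAL_NET any -> 192.168.1.0/24 80 '
               '(msg:"Constructed; test rule"; content:"/admin"; nocase; sid:1000001; rev:1;)')

def split_options(body):
    """Split the option body on ';', ignoring ';' inside quotes or escaped as '\\;'."""
    options, current, in_quotes, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not in_quotes and not escaped:
            if current.strip():
                options.append(current.strip())
            current = ""
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\" and not escaped)
        current += ch
    if in_quotes or current.strip():
        raise ValueError("unterminated quoted string or option missing ';'")
    return options

def parse_rule(rule):
    """Return (header dict, [(keyword, value), ...]) for a single-line rule."""
    match = re.fullmatch(r"\s*([^()]+?)\s*\((.*)\)\s*", rule)
    if not match:
        raise ValueError("expected 'header (options)'")
    fields = match.group(1).split()
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("header needs 7 fields, got %d" % len(fields))
    header = dict(zip(HEADER_FIELDS, fields))
    if (header["action"] not in ACTIONS or header["protocol"] not in PROTOCOLS
            or header["direction"] not in ("->", "<>")):
        raise ValueError("unknown action, protocol or direction")
    # Options are 'keyword:value;' or a bare 'keyword;' (value is then "").
    options = [tuple(part.strip() for part in opt.partition(":")[::2])
               for opt in split_options(match.group(2))]
    return header, options

if __name__ == "__main__":
    print(parse_rule(SAMPLE_RULE))
```

The quoted `msg` value contains a semicolon on purpose: splitting the options naively on `;` would break it into two bogus options.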
