Chapter 8. Snort Rules

In This Toolbox

In this chapter you will learn how to write your own custom Snort rules. You will also learn methods of testing and optimizing the rules for speed and accuracy.

Writing Basic Rules

Snort uses a simple to learn rule format that is flexible enough to cater for even the most complex situations. Each rule comprises two logical sections, the rule header and the rule options. The header contains the appropriate action to take if the rule is triggered. Along with the protocol to match, the source and destination IP (Internet Protocol) addresses, netmasks, and the source and destination ports.

The rule options section ...

Get Nessus, Snort, and Ethereal Power Tools now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nessus, Snort, and Ethereal Power Tools by Brian Caswell, Jay Beale, Gilbert Ramirez, Noam Rathaus

Chapter 8. Snort Rules

In This Toolbox

Writing Basic Rules

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly