Which of the following snort rules look for FTP root login attempts?
The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:''user root'';)
Currently there are no comments in this discussion, be the first to comment!