PrepAway - Latest Free Exam Questions & Answers

Study the snort rule given below and interpret the rule.

alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg: "mountd access";)

A.
An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

B.
An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

C.
An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

D.
An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

Explanation:
Refer to the online documentation on creating Snort rules at http://snort.org/docs/snort_htmanuals/htmanual_261/node147.html
