PrepAway - Latest Free Exam Questions & Answers

Which of the following snort rules look for FTP root login attempts?

Which of the following snort rules look for FTP root login attempts?

PrepAway - Latest Free Exam Questions & Answers

A.
alert tcp -> any port 21 (msg:”user root”;)

B.
alert tcp -> any port 21 (message:”user root”;)

C.
alert ftp -> ftp (content:”user password root”;)

D.
alert tcp any any -> any any 21 (content:”user root”;)

Explanation:
The snort rule header is built by defining action (alert),protocol (tcp),from IP subnet
port (any any),to IP subnet port (any any 21),Payload Detection Rule Options (content:”user root”;)

One Comment on “Which of the following snort rules look for FTP root login attempts?


Leave a Reply