Which of the following describes the best custom signature for detecting the use of the word
“Fortinet” in chat applications?
A.
The sample packet trace illustrated in the exhibit provides details on the packet that
requires detection. F-SBID( –protocol tcp; –flow from_client; –pattern “X-MMS-IM-Format”;
–pattern “fortinet”; — no_case; )
B.
F-SBID( –protocol tcp; –flow from_client; –pattern “fortinet”; –no_case; )
C.
F-SBID( –protocol tcp; –flow from_client; –pattern “X-MMS-IM-Format”; –pattern
“fortinet”; — within 20; –no_case; )
D.
F-SBID( –protocol tcp; –flow from_client; –pattern “X-MMS-IM-Format”; –pattern
“fortinet”; — within 20; )
Explanation: