By taking a look at each, you'll get a basic idea of what you can do with Snort rules.
Really, it's good use of Snort rules that saves you the work of manual packet analysis.
Rather than you spending hours digging into packets, you can set Snort to handle analysis, and have Snort alert you when there are problems; you do this by giving Snort a set of rules.
Listing 8 shows all the rules files you got from the Snort site.
Tell Snort what to do with rules.
With a default set of rules, and the tweaks required for Mac OS X implemented if you're using that platform, you're ready to fire up Snort.
Scroll down to the registered user section, where you can get a set of rules to match the release of Snort you're using; this portion of the Snort site is shown in Figure 1.
Then, what you'll need to get Snort running is a set of rules it can load and work from.
Before you can write rules, you need to tell Snort to function as an IDS.
Every time a new release of Snort comes out, a new set of "default" rules is made available to go with that release.
While configuration is a more general set of rules about how Snort should operate, rules tell Snort what to do every time a packet comes across a network interface that Snort monitors.
Because the types of intrusions change rapidly, Snort has a set of rules that you can download from the Snort site that details these intrusions and allows Snort to look for them.
So for each potentially intrusive connection, Snort needs a rule (or rules that cover multiple related intrusions).
Snort has several standard rules files, with predetermined names and functions. If you open the snort.conf.