Snort rules to detect HTTP, HTTPS and email

Time: 2017-05-26 11:13:12

Tags: snort

I have configured Snort rules to detect ping and TCP

alert icmp any any -> any any (msg:"ping";sid:10000001;rev:0;)

How do I configure Snort rules to detect HTTP, HTTPS and email?

1 answer:

Answer 0: (score: 3)

Snort rule to detect HTTP:

alert tcp any any -> any 80 (content:"HTTP"; msg:"http test"; sid:10000100; rev:005;)

Snort rule to detect HTTPS:

alert tcp any any -> any 443 (content:"HTTPS"; msg:"https test"; sid:10000101; rev:006;)
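
An added example, not part of the original answer: a Snort 2.9 rule set that covers all three protocols from the question by matching bytes each one actually puts on the wire. For HTTPS it matches the TLS ClientHello record that opens the connection, since everything after the handshake is encrypted. The SIDs, messages and port lists are constructed for illustration.

```snort
# Added example rules (Snort 2.9 syntax). SIDs and msg strings are constructed.
# flow:to_server,established limits each rule to client data on a completed
# TCP handshake, so stray SYNs and server replies do not alert.

# HTTP: the request line ("GET / HTTP/1.1") carries the protocol version.
alert tcp any any -> any 80 (msg:"HTTP request"; flow:to_server,established; content:"HTTP/1."; nocase; sid:10000200; rev:1;)

# HTTPS: TLS record header. Byte 0 = 0x16 (handshake), byte 1 = 0x03 (major
# version), byte 5 = 0x01 (ClientHello). distance:3 skips the minor version
# byte and the two record-length bytes.
alert tcp any any -> any 443 (msg:"HTTPS TLS ClientHello"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; distance:3; within:1; sid:10000201; rev:1;)

# Email, SMTP (25 relay, 587 submission): envelope sender command.
# |3A| is the colon, written in hex as is conventional in content strings.
alert tcp any any -> any [25,587] (msg:"SMTP MAIL FROM"; flow:to_server,established; content:"MAIL FROM|3A|"; nocase; sid:10000202; rev:1;)

# Email, POP3: cleartext login starts with "USER <name>" at the start of
# the client payload.
alert tcp any any -> any 110 (msg:"POP3 USER command"; flow:to_server,established; content:"USER "; nocase; depth:5; sid:10000203; rev:1;)

# Email, IMAP: client commands are tagged, e.g. "a001 LOGIN user pass",
# so LOGIN is matched with a space on both sides rather than at offset 0.
alert tcp any any -> any 143 (msg:"IMAP LOGIN command"; flow:to_server,established; content:" LOGIN "; nocase; sid:10000204; rev:1;)

# Email over implicit TLS (SMTPS 465, IMAPS 993, POP3S 995): only the
# ClientHello is visible, same byte pattern as the HTTPS rule.
alert tcp any any -> any [465,993,995] (msg:"Email over TLS ClientHello"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; distance:3; within:1; sid:10000205; rev:1;)
```

These rules alert once per matching client packet, so on a busy network they are better suited to confirming that a sensor sees the traffic than to production alerting.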