312-50V13 · Question #69
You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/
The correct answer is D. An Intrusion Detection System. The provided string is a rule written in a specific syntax used by network intrusion detection and prevention systems to identify and respond to suspicious network traffic. This syntax, particularly the alert action and msg keyword, is characteristic of Snort, a widely used open-
Question
Options
- AA firewall IPTable
- BFTP Server rule
- CA Router IPTable
- DAn Intrusion Detection System
How the community answered
(47 responses)- A2% (1)
- B6% (3)
- C13% (6)
- D79% (37)
Why each option
The provided string is a rule written in a specific syntax used by network intrusion detection and prevention systems to identify and respond to suspicious network traffic. This syntax, particularly the `alert` action and `msg` keyword, is characteristic of Snort, a widely used open-source Intrusion Detection System.
A firewall IPTable rule, commonly used in Linux, has a different syntax and structure (e.g., `iptables -A INPUT -p tcp --dport 21 -j DROP`), and does not typically include an `alert` action or `msg` field in this manner.
An FTP server rule would relate to the server's configuration (e.g., user permissions, directory access) and not to network traffic monitoring with an `alert` action or `msg` field.
A Router IPTable rule (or Access Control List) also has a different syntax focused on permitting or denying traffic flow, similar to a firewall, without the `alert` and `msg` components found in an IDS rule.
The syntax `alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)` is a classic example of a Snort rule. Snort is an open-source Intrusion Detection System (IDS) that uses such rules to monitor network traffic for patterns that indicate malicious activity and then trigger an alert.
Concept tested: IDS rule syntax (Snort)
Source: https://www.snort.org/documents/snort-users-manual
Topics
Community Discussion
No community discussion yet for this question.