Snort / Suricata rules

James_inthe_box, Feb 1st, 2019 (edited)
02/01-11:05:06.363492  [**] [1:10000042:1] SYN RST packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.182.104.162:0 -> x.x.x.x.37:0
02/01-12:44:08.100349  [**] [1:10000042:1] SYN RST packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.182.104.162:0 -> x.x.x.x.37:0
02/01-13:54:58.093373  [**] [1:10000097:1] SYN FIN packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.182.104.162:0 -> x.x.x.x.26:0
02/01-13:54:58.093373  [**] [1:10000043:1] SYN PSH packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.182.104.162:0 -> x.x.x.x.26:0
02/01-13:54:58.093373  [**] [1:10000042:1] SYN RST packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.182.104.162:0 -> x.x.x.x.26:0
02/01-14:10:56.792363  [**] [1:10000097:1] SYN FIN packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 202.182.104.162:0 -> x.x.x.x.15:0
02/01-14:39:07.647543  [**] [1:10000097:1] SYN FIN packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 108.61.96.106:0 -> x.x.x.x:0

alert tcp $EXTERNAL_NET 0 -> $HOME_NET 0 (msg:"SYN RST packet"; flow:stateless; flags:SR+; classtype:bad-unknown; sid:10000042; rev:1;)
alert tcp $EXTERNAL_NET 0 -> $HOME_NET 0 (msg:"SYN PSH packet"; flow:stateless; flags:SP+; classtype:bad-unknown; sid:10000043; rev:1;)
alert tcp $EXTERNAL_NET 0 -> $HOME_NET 0 (msg:"SYN FIN packet"; flow:stateless; flags:SF+; classtype:bad-unknown; sid:10000097; rev:1;)
alert tcp $EXTERNAL_NET 0 -> $HOME_NET 0 (msg:"FIN PSH URG packet"; flow:stateless; flags:FPU; classtype:bad-unknown; sid:10000098; rev:1;)