Study the snort rule given below and interpret the rule.
alert tcp any any –> 192.168.1.0/24 111 (content:”|00 01 86 a5|”; msg: “mountd access”;)
A.
An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
B.
An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
C.
An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
D.
An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
Explanation:
Refer to the online documentation on creating Snort rules at http://snort.org/docs/snort_htmanuals/htmanual_261/node147.html
Deference to op, some excellent selective information.
http://www.bastcilkdoptb.com/