Which of the following snort rules look for FTP root login attempts?

Which of the following snort rules look for FTP root login attempts?

Which of the following snort rules look for FTP root login attempts?

A.
alert tcp -> any port 21 (msg:"user root";)

B.
alert tcp -> any port 21 (message:"user root";)

C.
alert ftp -> ftp (content:"user password root";)

D.
alert tcp any any -> any any 21 (content:"user root";)

Explanation:
The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:"user root";)

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *