
[SOLVED] CS/PUBP-6261/8803 Project 4: IDS Signature Project Fall25


In each of these scenarios, come up with a Suricata signature that would match the traffic.  Assume that HOME_NET, EXTERNAL_NET and HTTP_PORTS are correctly defined.  Assume no other variables are defined.  For each item write one rule and use the item number as the sid.

1) You have been alerted that 27.43.100.29 is on a threat list as targeting web services.  Write a signature that alerts on accesses from this host to any local web service.

2) Your organization recently noticed that malicious actors were scanning for phpMyAdmin at “/phpMyAdmin/scripts/setup.php” on your web servers.  The scan engine did not set a User-Agent.  Write an alert for whenever an external host tries to fetch that URI without a User-Agent set.  Test with http.pcap.

3) A few years ago a phishing attack was launched in which the attacker got multiple users to add a malicious service as a trusted service on their Google account.  The attack required the victim to click on a link to “https://accounts.google.com/o/oauth2/auth”.  Write a signature that finds all email with a link to that address.  Test with smtp.pcap.

4) [Extra credit] You are looking for data inside the friends lists on Yahoo! Messenger packets.  The protocol is documented here: http://libyahoo2.sourceforge.net/ymsg-9.txt.  Write a rule that will identify Yahoo Messenger packets with a service of 00 f1 (this replaced YAHOO_SERVICE_LIST at some undocumented point in ancient history).  You can test this against ymsg2.pcap.

Your submission is a text entry which should exactly match what would be stored in a rules file.  You can test your rules at https://mzfrri3b1j.execute-api.us-east-1.amazonaws.com/ .  Please note that earlier sids can affect later sids (so if sid 1 matches all traffic it might make sid 4 not work).  A well written submission should match all 3 (or 4) questions.
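As an added illustration of how the first two scenarios map onto Suricata rule syntax (this is editorial example code, not the assignment's answer key and not part of the original page), assuming Suricata 5.x or later so that the http.uri and http.header_names sticky buffers are available:

```suricata
# Item 1: any connection from the threat-listed host to a local web service.
# Source IP is fixed, destination is the home network on the HTTP ports, and
# flow:to_server,established keeps the match on the client side of the session.
alert tcp 27.43.100.29 any -> $HOME_NET $HTTP_PORTS (msg:"Threat-listed host accessing local web service"; flow:to_server,established; sid:1; rev:1;)

# Item 2: external client requests the phpMyAdmin setup script with no User-Agent.
# http.uri matches the normalized request path. http.header_names holds the list of
# header names present in the request, so a negated content match on that buffer
# fires only when the header is absent entirely; testing http.user_agent for an
# empty value would not catch a request that never sent the header.
alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"phpMyAdmin setup.php probe without User-Agent"; flow:to_server,established; http.uri; content:"/phpMyAdmin/scripts/setup.php"; nocase; http.header_names; content:!"User-Agent"; nocase; sid:2; rev:1;)
```

To check sid 2 against the supplied capture, save the rules to a file and run `suricata -r http.pcap -S rules.rules`, then inspect fast.log; note that sid 1 matches every TCP session from that source, including bare port scans, which is the intended behaviour for a threat-list rule.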

Important Notes: 

 

Suricata Resources
