IDS (Intrusion Detection System): Registering a new Snort rule
- Reviewing what was observed in the lab: ping

  12/22-19:24:45.524410 [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.27.1 -> 192.168.27.134

  ( IDS )# cd /etc/snort
  # find . -type f -name "*.rules" -exec fgrep -l 'ICMP PING *NIX' {} \;
  ./rules/icmp-info.rules
  # fgrep 'ICMP PING *NIX' ./rules/icmp-info.rules
  alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING *NIX"; ..
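The lookup above searches on the message text. As an added example (not part of the original post), the same lookup can be keyed on the alert's [gid:sid:rev] field, which identifies the rule even when two rules share a message. The function names are hypothetical, and the rule files are shortened, constructed stand-ins written to a temporary directory, not the real icmp-info.rules contents.

```shell
#!/bin/sh
# Added example: map a Snort fast-alert line to the rule that raised it.

# Print "gid sid rev" taken from the [gid:sid:rev] field of an alert line.
alert_ids() {
    printf '%s\n' "$1" |
        sed -n 's/.*\[\([0-9][0-9]*\):\([0-9][0-9]*\):\([0-9][0-9]*\)\].*/\1 \2 \3/p'
}

# Print "file:line" for every active rule under directory $2 whose sid is $1.
# Commented-out rules are skipped; "sid:366;" must not match "sid:1000366;".
find_rule_by_sid() {
    find "$2" -type f -name '*.rules' -exec \
        grep -nE "^[[:space:]]*[^#[:space:]].*[;( ]sid:[[:space:]]*$1;" /dev/null {} + |
        cut -d: -f1,2
}

# The alert line is the one from the lab; everything below it is constructed.
ALERT='12/22-19:24:45.524410 [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.27.1 -> 192.168.27.134'
RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT
mkdir "$RULES/rules"
cat > "$RULES/rules/icmp-info.rules" <<'EOF'
# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"disabled copy"; sid:366; rev:6;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING *NIX"; itype:8; sid:366; rev:7;)
EOF
cat > "$RULES/rules/local.rules" <<'EOF'
alert icmp any any -> $HOME_NET any (msg:"constructed local rule"; itype:8; sid:1000366; rev:1;)
EOF

set -- $(alert_ids "$ALERT")          # $1=gid  $2=sid  $3=rev
echo "gid=$1 sid=$2 rev=$3"
find_rule_by_sid "$2" "$RULES"        # file and line number of the matching rule
```

On a real sensor, pass /etc/snort as the second argument to find_rule_by_sid.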