References
129
  Use a number to identify a rule with the help of the sid keyword.
  If the vulnerability is known, always use a reference to a URL where more
information can be found using the reference keyword.
  Always use the rev keyword in rules to keep a record of different rule versions.
In addition, you should always try to write rules that are generalized and are able
to detect multiple variations of an attack. Usually bad guys use the same tools with little
modifications for different purposes. Good rules can and should be able to detect these
variations.
3.13 References
1. Classless Inter Domain Routing or CIDR. RFC 1519 at http://www.rfc edi 
tor.org/rfc/rfc1519.txt
2. Transmission Control Protocol RFC 793 at http://www.rfc editor.org/rfc/
rfc793.txt
3. User Datagram Protocol RFC 768 at http://www.rfc editor.org/rfc/rfc768.txt
4. The nmap at it web site http://www.nmap.org
5. The Internet Protocol RFC 791 at http://www.rfc editor.org/rfc/rfc791.txt
6. The Internet Control Message Protocol at http://www.rfc editor.org/rfc/
rfc792.txt
7. Assigned Numbers RFC 1700 at http://www.rfc editor.org/rfc/rfc1700.txt
8. Oinkmaster at http://www.algonet.se/~nitzer/oinkmaster/
9. Open NMS at http://www.opennms.org
10. Internet Corporation for Assigned Names and Numbers (ICANN) at http://
www.icann.org
11. The arachnids web site at http://www.whitehats.com/info/IDS
12. The securityfocus mailing list archive at http://online.securityfocus.com/
archive/1






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved