Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » General Chat » Challenge rules

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Challenge rules


Posted by parish175 on October 05, 2007 15:44:18

Any ideas are welcome. Using snort on windows version 2.6
I have tried a couple of things but no luck. log file stays empty.

1. Outgoing packets (from local computer) that contains contents ‘warez’. message ‘warez.’
4. All HTTP traffic to and from piratebay.com. Your message should indicate ‘Piratebay.com”.
2. All packets sent from local computer to broadcast address (255.255.255.255). Message “Broadcast address.”

3. All incoming DNS traffic from "X" address. Message should indicate ‘DNS’.
4. Any packets with destination MAC: 3d:3d:4b:56:3d:44. message: ‘Holy crap this is difficult!”

5. All TCP traffic with a source port of 49887. Your message should indicate ‘source port 49887.’
6. All TCP packets sent to local computer that have RST and ACK flags set. Your message should indicate “RST/ACK.”


Posted by pstar on October 11, 2007 06:00:12

Hi Parish175.

Interesting that this EXACTLY the same exercise as I am using for my Computer and Network Security course.

I certainly hope that you are NOT on my students as the syllabus clearly states the consequences for cheating.

If you are not one of my students, my apologies. If you are in my class ...

Posted by Ilene on October 11, 2007 08:55:29

Hmm.. Interesting.. So someone posted the same exact questions presented in your class!?!?

You kinda have to ask yourself then, are you doing your job in teaching your students sufficiently?

Let's face it, most people who take info sec type classes, are doing so because they WANT to learn, not because it was a pre-req to move on to the next higher math class or something... So perhaps the course material presented in your classroom has not sufficiently prepared everyone?

Just a thought... Someone once said, no such thing as bad student, only bad teacher... Of course, whoever said that probably had not dealt with some of the gun toting thugs in schools today! lol...
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.