Snort Rules: Ep.5 – Fake Tech Support Popup

Question

I have been stuck on Question 5 for a while now.

Create a Snort rule to detect connections to this IP address from 10.1.9.101 on port 49349, then submit the token.

Does this IP refer to IP in the previous question? If so, I have tried so many different rules but one worked.

netcat · Accepted Answer

Write a Snort rule to detect connections between the IP address identified in the previous question on any port and IP address 10.1.9.101 on port 49349 (both directions).

Forum Discussion

Snort Rules: Ep.5 – Fake Tech Support Popup

Related Content

How can I reach the Immersive Labs Support team for help?

How to Answer a Question

How to Ask a Question

Re: How Will I Be Able To Prove My Skills Through The Platform?

Re: How Do I Evidence My Progress In Cyber Million?

Recent Discussions

Open Source Intelligence (OSINT): Cached and Archived Websites (10/10) - Archive from March 22nd 2010 is redirecting to March 21st

error in "Git Security: SSH Keys" lab

PowerShell Basics: Demonstrate Your Skills question 11/12

Microsoft Sentinel SOAR: Playbooks Issue

DCM 24