Snort Rules: Ep.5 – Fake Tech Support Popup

Question

I have been stuck on Question 5 for a while now.

Create a Snort rule to detect connections to this IP address from 10.1.9.101 on port 49349, then submit the token.

Does this IP refer to IP in the previous question? If so, I have tried so many different rules but one worked.

netcat · Answer

Write a Snort rule to detect connections between the IP address identified in the previous question on any port and IP address 10.1.9.101 on port 49349 (both directions).

Forum Discussion

Snort Rules: Ep.5 – Fake Tech Support Popup

Related Content

How can I reach the Immersive Labs Support team for help?

How to Answer a Question

How to Ask a Question

Re: How Will I Be Able To Prove My Skills Through The Platform?

Re: How Do I Evidence My Progress In Cyber Million?

Recent Discussions

Threat Research: Dependency Confusion Q8

WinDbg: Ep.2 – Walking Windows Structures

Kubernetes: Secrets

IAM: Demonstrate Your Skills - Developer access (2/3)

Introduction to encryption help