Posted by: Pdfprep
Post Date: February 11, 2021
Which of the following snort rules look for FTP root login attempts?
A . alert tcp -> any port 21 (msg:"user root";)
B . alert tcp -> any port 21 (message:"user root";)
C . alert ftp -> ftp (content:"user password root";)
D . alert tcp any any -> any any 21 (content:"user root";)
Answer: D
Explanation:
The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:”user root”;)