Understanding Snort Rules – ‚alert udp any any -> any 67‘ Message „Possible DHCP server“ will alert if a TCP packet is sent from any source to any destination on port 67 potentially indicating a DHCP server this rule can be used to identify and alert on potential DHCP server activity on the network « IT Solutions Technology Blog

Understanding Snort Rules – ‚alert udp any any -> any 67‘ Message „Possible DHCP server“ will alert if a TCP packet is sent from any source to any destination on port 67 potentially indicating a DHCP server this rule can be used to identify and alert on potential DHCP server activity on the network

05/07-10:15:17.565258 [**] [1:527:8] BAD-TRAFFIC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 0.0.0.0:68 -> 255.255.255.255:67

root@rpi-iot-jsho-snort-02:~# vi .swatchrc
ignore /0.0.0.0:68 -> 255.255.255.255:67/
watchfor /Priority\: [1-3]/
echo=normal
mail=js@dpsolution.de,subject=[SNORT] Priority [1-3] Alert

This entry was posted on Mittwoch, Mai 7th, 2025 at 10:18 and is filed under Administration, Network Info, Security Solution. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.