[Solved] Organization Deployed Following Snort Rule Organization Boundary Alert Tcp Sqlservers 139 Q37247231
Please provide an explanation of your answer.
An organization has deployed the following SNORT rule at the organization boundary: alert tcp <source address> <source port?->$SQL_SERVERS 139 (msg:”SERVER-MSSQL xp_sprintf possible buffer overflow”; flow:to_server,established; content:”x100 plOO_1001s100Ipl00Ir1001i100Inj00ltj0olfloo”.offset 32,nocase; metadata:ruleset community reference:bugtraq, 1204; reference:url,technet.microsoft.com/en-us/security/bulletin/MS01-060; classtype:attempted-user; sid:695; rev:14;) What should the <source address> and <source port> be? O SEXTERNAL NET $SQL_PORTS O $EXTERNAL_NET 139 O None of the above. ( $INTERNAL-NET $SQL-PORTS O SEXTERNAL_NET ANY Show transcribed image text An organization has deployed the following SNORT rule at the organization boundary: alert tcp $SQL_SERVERS 139 (msg:”SERVER-MSSQL xp_sprintf possible buffer overflow”; flow:to_server,established; content:”x100 plOO_1001s100Ipl00Ir1001i100Inj00ltj0olfloo”.offset 32,nocase; metadata:ruleset community reference:bugtraq, 1204; reference:url,technet.microsoft.com/en-us/security/bulletin/MS01-060; classtype:attempted-user; sid:695; rev:14;) What should the and be? O SEXTERNAL NET $SQL_PORTS O $EXTERNAL_NET 139 O None of the above. ( $INTERNAL-NET $SQL-PORTS O SEXTERNAL_NET ANY
Expert Answer
Answer to An organization has deployed the following SNORT rule at the organization boundary: alert tcp $SQL_SERVERS 139 (msg:”SER… . . .
OR
