Go to the rules folder where you downloaded the VRT certified rules during your Snort install (by default on Windows, this will be C:\Snort\rules). If you have not yet installed these rules, please do so. If you have any trouble downloading the current VRT rules release package, you can retrieve them from http://polaris.umuc.edu/~sgantz/files/snortrules-2982.tar.gz on my UMUC Polaris server. In the compressed (zipped) package, you are looking for the files that end in “.rules” extensions.
Pick one of the named rules files, open it, and choose a rule. If this is your first exposure to Snort rule syntax, please note that the rules are the sometimes-cryptic looking items starting with the word “alert”. Copy the rule you pick into your response and describe what the rule means in your own words.
2nd assignment:
This session’s conference is dedicated to discussion related to the second homework assignment. As you select a “prohibited” site to use for your homework exercise, please post a topic to this conference identifying the site you have chosen and share any aspects the web site or its technical characteristics that will contribute to the way you will identify it in your rule.