{"id":364,"date":"2011-06-16T06:19:52","date_gmt":"2011-06-16T15:19:52","guid":{"rendered":"\/blog\/?p=364"},"modified":"2023-09-21T09:38:56","modified_gmt":"2023-09-21T00:38:56","slug":"snort-signature-structure","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=364","title":{"rendered":"snort signature structure"},"content":{"rendered":"\n<br \/>\n\n<div id=\"view_content\">\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ucd9c\ucc98 : <a href=\"http:\/\/blog.naver.com\/misman95\/80041665451\" target=\"_blank\" ca_clicked=\"0\" rel=\"noopener\">http:\/\/blog.naver.com\/misman95\/80041665451<\/a><br \/>\n<br \/>\n<br \/>\n<strong>\uc2dc\uadf8\ub124\ucc98\uc758<\/strong><\/span><strong><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uad6c\uc870<\/span><\/strong><span style=\"line-height: 115%; font-family: 'Tahoma','sans-serif'; font-size: 9pt;\"><o:p><\/o:p><\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\">Snort<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> rules<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub77c\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud655\uc7a5\uc790\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac00\uc9c4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud30c\uc77c\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ub418\uc5b4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc788\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc774<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud45c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">1<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uacfc<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\uc740<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uad6c\uc870\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub418\uc5b4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc788\uc5b4<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 1<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud589\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 1<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac1c\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<o:p><\/o:p><\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub8f0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud5e4\ub354\uc640<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub8f0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc635\uc158\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 2<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac00\uc9c0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc139\uc158\uc73c\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubd84\ub958\ub41c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub8f0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud5e4\ub354\uc5d0\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ucc98\ub9ac<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubc29\ubc95<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud504\ub85c\ud1a0\ucf5c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, IP<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc8fc\uc18c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud3ec\ud2b8<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubc88\ud638<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub4f1\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ucc98\ub9ac<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub300\uc0c1\uc73c\ub85c\uc11c\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud310\ub2e8<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc900\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub8f0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc635\uc158\uc5d0\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> alert <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uba54\uc2dc\uc9c0\ub098<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud328\ud0b7<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub0b4\ubd80\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc870\uc0ac<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub0b4\uc6a9\uc744<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud45c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">1<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uacfc<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\uc774<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc804\ubd80<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 8<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac1c\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubd84\ub958\ub41c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub610\ud55c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub8f0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc635\uc158<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubd80\ubd84\uc740<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud558\uc9c0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc54a\uc544\ub3c4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc815\ub2f9\ud55c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc778\uc2dd\ub41c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac01<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubd80\ubd84\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud574\uc57c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud560<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub0b4\uc6a9\uc744<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud45c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">1<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubc88\ud638\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub530\ub77c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud574\uc124\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br \/>\n<br \/>\n<img decoding=\"async\" style=\"cursor: pointer;\" onclick=\"image_window(this)\" name=\"target_resize_image[]\" src=\"http:\/\/chonnom.com\/data\/\/1006\/622038071_3e92a780_snort1_00000.jpg\" tmp_height=\"291\" tmp_width=\"585\"><br \/>\n<\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"><br \/>\n<br \/>\n\u2460<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> action<br \/>\naction<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc5d0\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud328\ud0b7<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ucc98\ub9ac<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubc29\ubc95\uc744<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> alert, log, pass, activate, dynamic <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc911\uc5d0\uc11c<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 1<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac1c\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac01\uac01\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> action<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc758\ubbf8\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud45c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">2<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc640<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br \/>\ndynamic <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub2e8\ub3c5\uc73c\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub3d9\uc791\ud558\uc9c0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc54a\uace0<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, activate<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc2dc\uadf8\ub124\ucc98\uac00<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc788\uc5b4\uc57c\ub9cc<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">(<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc11c\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc0c1\ubc18\uad00\uacc4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">). Activate<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc640<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> dynamic<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc740<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud655\uc7a5\ub41c<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> tag<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub77c\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub8f0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc635\uc158\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc758\ud574<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uce58\ud658\ub418\ubbc0\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc0ac\uc6a9\ud558\uc9c0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc54a\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac83\uc774<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc88b\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br \/>\n<br \/>\n<img decoding=\"async\" style=\"cursor: pointer;\" onclick=\"image_window(this)\" name=\"target_resize_image[]\" src=\"http:\/\/chonnom.com\/data\/\/1006\/622038071_ca5f3558_snort1_00001.jpg\" tmp_height=\"147\" tmp_width=\"585\"><br \/>\n<br \/>\n<\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\u2461<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\">protocol<br \/>\nprotocol<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc5d0\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud328\ud0b7\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud504\ub85c\ud1a0\ucf5c\uc744<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> tcp, udp, icmp, ip <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc911\uc5d0\uc11c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc120\ud0dd\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br style=\"\"><br style=\"\"><o:p><\/o:p><\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\u2462\u2465<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> IP address<br \/>\nIP address<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc5d0\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\u2462\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc1a1\uc2e0\uc790<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\u2465\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc218\uc2e0\uc790\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> IP<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc8fc\uc18c\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc784\uc758\uc758<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> IP<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc8fc\uc18c\uc778<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> any<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud560<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc218\ub3c4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc788\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. IP<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc8fc\uc18c\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 192.168.0.24<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc640<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\uc740<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud615\uc2dd\uc73c\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub137\ub9c8\uc2a4\ud06c\ub3c4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud568\uaed8<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud2b9\uc815<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud638\uc2a4\ud2b8\ub9cc<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud558\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uacbd\uc6b0\uc5d0\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 10.1.1.20\/32<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc640<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\uc774<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub137\ub9c8\uc2a4\ud06c\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> 32 <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ube44\ud2b8\ub85c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br \/>\n<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub3d9\uc2dc\uc5d0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc5ec\ub7ec<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> IP<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc8fc\uc18c\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud558\ub294<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uacbd\uc6b0<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, 192.168.0.0\/24, 10.0.0.0\/8<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uacfc<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\uc740<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ud615\uc2dd\uc744<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc0ac\uc6a9\ud558\uba74<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub41c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. !192.168.0.0\/24<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc640<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uac19\uc774<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud558\uba74<\/span><span style=\"line-height: 115%; font-size: 9pt;\"> not 192.168.0.0\/24<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc758\ubbf8\ud558\uac8c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub41c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br \/>\n<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub610\ud55c<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, snort.conf<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc5d0\uc11c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc9c0\uc815\ud55c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ubcc0\uc218\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ucc38\uc870\ud560<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc218\ub3c4<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc788\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">. <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc608\ub97c<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub4e4\uc5b4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, HOME_NET<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uc744<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ucc38\uc870\ud558\ub824\uba74<\/span><span style=\"line-height: 115%; font-size: 9pt;\">, $HOME_NET<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\ub77c\uace0<\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\"> <\/span><span style=\"line-height: 115%; font-size: 9pt;\" lang=\"KO\">\uae30\uc220\ud55c\ub2e4<\/span><span style=\"line-height: 115%; font-size: 9pt;\">.<br \/>\n<br \/>\n\u2463\u2466 port<br \/>\nport\uc5d0\ub294 \uc1a1\uc218\uc2e0\uc790\uc758 \ud3ec\ud2b8 \ubc88\ud638\ub97c \uc9c0\uc815\ud55c\ub2e4. \ud558\ub098\ub9cc \uc9c0\uc815\ud558\ub294 \uacbd\uc6b0\uc5d0\ub294 25\ub098 80\uacfc \uac19\uc774 \uc218\uce58\ub97c \uae30\uc785\ud55c\ub2e4. \ucf5c\ub860(:)\uc744 \uc0ac\uc6a9\ud558\uba74 \ud3ec\ud2b8 \ubc94\uc704\ub97c \uc9c0\uc815\ud560 \uc218 \uc788\ub2e4. \uc608\ub97c \ub4e4\uc5b4, 1:1024\ub77c\uace0 \uae30\uc220\ud55c \uacbd\uc6b0, 1~1024\uae4c\uc9c0\uc758 \ud3ec\ud2b8 \ubc88\ud638\ub97c \uc9c0\uc815\ud558\uac8c \ub41c\ub2e4. :500(500\ubc88 \uc774\ud558\uc758 \ubaa8\ub4e0 \ud3ec\ud2b8), 6000:(6000\ubc88 \uc774\uc0c1\uc758 \ubaa8\ub4e0 \ud3ec\ud2b8)\uc640 \uac19\uc774 \uc9c0\uc815\ud560 \uc218\ub3c4 \uc788\ub2e4.<br \/>\nIP\uc8fc\uc18c\uc640 \ub3d9\uc77c\ud558\uac8c \uc5ec\uae30\uc5d0\uc11c\ub3c4 any(\uc784\uc758\uc758 \ud3ec\ud2b8)\ub098 !(\uc9c0\uc815\ud55c \uc774\uc678\uc758 \ud3ec\ud2b8)\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.<\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\">\u2464 direction<br \/>\ndirection\uc5d0\ub294 \ud328\ud0b7\uc758 \ubc29\ud5a5\uc744 \ub098\ud0c0\ub0b4\ub294 \uae30\ud638\ub97c \uc9c0\uc815\ud55c\ub2e4. -&gt;\ub97c \uc9c0\uc815\ud558\uba74 \uc88c\uce21\uc774 \uc1a1\uc2e0\uc790 IP\uc8fc\uc18c, \uc6b0\uce21\uc774 \uc218\uc2e0\uc790 IP\uc8fc\uc18c\uc784\uc744 \uc758\ubbf8\ud55c\ub2e4.<br \/>\n&lt;&gt;\ub294 \uc1a1\uc218\uc2e0\uc790 \uad6c\ubcc4 \uc5c6\uc774 \uc9c0\uc815\ud55c IP\uc8fc\uc18c \uc0ac\uc774\uc758 \ubaa8\ub4e0 \ud328\ud0b7\uc774 \ub300\uc0c1\uc774 \ub41c\ub2e4.<\/span><\/p>\n<p style=\"margin: 0in 0in 10pt;\" class=\"MsoNormal\"><span style=\"line-height: 115%; font-size: 9pt;\">\u2467 option<br \/>\noption\uc5d0 \uc9c0\uc815\ud560 \uc218 \uc788\ub294 \ub8f0 \uc635\uc158\uc740 \ub9e4\uc6b0 \ub9ce\uc73c\ubbc0\ub85c, \uc790\uc8fc \uc0ac\uc6a9\ub418\ub294 \uac83\ub9cc \ud574\uc124\ud55c\ub2e4(\ud45c3). \ubaa8\ub4e0 \uc635\uc158\uc5d0 \uad00\ud55c \uc124\uba85\uc740 Snort\uc6f9\uc0ac\uc774\ud2b8\ub97c \ucc38\uc870\ud558\ub77c.<br \/>\n<br \/>\n<img decoding=\"async\" style=\"cursor: pointer;\" onclick=\"image_window(this)\" name=\"target_resize_image[]\" src=\"http:\/\/chonnom.com\/data\/\/1006\/622038071_916846c7_snort1_00002.jpg\" tmp_height=\"191\" tmp_width=\"585\"><br \/>\n<br \/>\n<\/span><\/p>\n<p><o:p>\u00b7msg<br \/>\n\uc9c0\uc815\ud55c \uba54\uc2dc\uc9c0\uac00 alert\ubc1c\uc0dd\uc2dc\ub098 \ub85c\uadf8 \ubcf4\uc874\uc2dc\uc5d0 \uc774\ubca4\ud2b8\uba85\uc73c\ub85c\uc11c \uc0ac\uc6a9\ub41c\ub2e4.<\/o:p><\/p>\n<p><o:p>\u00b7dsize<br \/>\n\ud328\ud0b7\uc758 \ud398\uc774\ub85c\ub4dc \ud06c\uae30\ub97c \ud655\uc778\ud558\uace0, \uc0ac\uc774\uc988\uc758 \ubc94\uc704\ub098 \uc0c1\ud558\ud55c\uc744 \uc9c0\uc815\ud560 \uc218 \uc788\ub2e4. \uc608\ub97c \ub4e4\uc5b4, dsize: 400&lt;&gt;500; \uc774\ub77c\uace0 \ud558\uba74, 400\ubc14\uc774\ud2b8\uc5d0\uc11c 500\ubc14\uc774\ud2b8\uc758 \ud398\uc774\ub85c\ub4dc \ud06c\uae30\ub97c \uac16\ub294 \ud328\ud0b7\uc744 \uc9c0\uc815\ud558\uac8c \ub41c\ub2e4.<br \/>\ndsize\uc635\uc158\uc744 \uc9c0\uc815\ud558\uba74 \uac04\ub2e8\ud788 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\uc6b0\ub97c \uac10\uc2dc\ud560 \uc218 \uc788\ub2e4.<\/o:p><\/p>\n<p><o:p>\u00b7content<br \/>\ncontent\ub294 \uac00\uc7a5 \uc911\uc694\ud55c \ub8f0 \uc635\uc158\uc73c\ub85c, \ud328\ud0b7\uc758 \ud398\uc774\ub85c\ub4dc \ub0b4\ubd80\ub97c \uac80\uc0c9\ud558\ub294 \ubb38\uc790\uc5f4\uc744 \uc9c0\uc815\ud55c\ub2e4.<br \/>\n\uac80\uc0c9 \ubb38\uc790\uc5f4\uc5d0\ub294 \ud14d\uc2a4\ud2b8 \ub370\uc774\ud130\uc640 \ubc14\uc774\ub108\ub9ac \ub370\uc774\ud130\ub97c \uc9c0\uc815\ud560 \uc218 \uc788\ub2e4. \ud14d\uc2a4\ud2b8 \ub370\uc774\ud130\uc758 \uacbd\uc6b0\uc5d0\ub294 \ub2e8\uc21c\ud788 \uac80\uc0c9\ud560 \ubb38\uc790\uc5f4\uc744 \uc9c0\uc815\ud558\uba74 \ub41c\ub2e4. \ubc14\uc774\ub108\ub9ac \ub370\uc774\ud130\uc758 \uacbd\uc6b0\uc5d0\ub294 16\uc9c4\uc218\ub85c \ud45c\uc2dc\ud55c \ub370\uc774\ud130\ub97c \"|\" \ub85c \ub458\ub7ec \uc300 \ud544\uc694\uac00 \uc788\ub2e4. \ub610\ud55c, \ud14d\uc2a4\ud2b8 \ub370\uc774\ud130\ub294 \ub9e4\uce6d\ud560 \ub54c\uc5d0 \ub300\uc18c\ubb38\uc790 \uad6c\ubcc4\ud558\ub294 \uac83\uc5d0 \uc8fc\uc758\ud55c\ub2e4.<\/o:p><\/p>\n<p><o:p>\ud14d\uc2a4\ud2b8\uc778 \uacbd\uc6b0&nbsp;&nbsp;&nbsp;&nbsp; content: \"\/bin\/sh\";<br \/>\n\ubc14\uc774\ub108\ub9ac\uc778 \uacbd\uc6b0&nbsp; content: \" | 00 01 02 AA AB FF |\";<br \/>\n\ud63c\ud569\uc2dc\ud0a8 \uacbd\uc6b0&nbsp;&nbsp;&nbsp;&nbsp; content: \" | 90 90 90 | \/bin\/sh\";<\/o:p><\/p>\n<p><o:p>\u00b7offset<br \/>\ncontent\uc635\uc158\uc5d0\uc11c \uc9c0\uc815\ud55c \ubb38\uc790\uc5f4\uc758 \uac80\uc0c9 \uac1c\uc2dc \uc704\uce58\uc758 \uc635\uc14b\uc744 \uc9c0\uc815\ud55c\ub2e4.<\/o:p><\/p>\n<p><o:p>\u00b7depth<br \/>\n\ud328\ud134 \ub9e4\uce6d\uc744 \uc2e4\uc2dc\ud560 \ud398\uc774\ub85c\ub4dc\uc758 \uae4a\uc774\ub97c \uc9c0\uc815\ud55c\ub2e4. \uc0c1\ud55c\uc744 \uc124\uc815\ud558\ub294 \uac83\uc774\ubbc0\ub85c, \ub9e4\uce6d \ucc98\ub9ac\uc758 \ubd80\ud558\ub294 \uacbd\uac10\ub418\uc9c0\ub9cc, \uc81c\ud55c\uc744 \uc5c4\uaca9\ud558\uac8c \ud558\uba74 false negative\uac00 \ubc1c\uc0dd\ud558\uae30 \uc27d\ub2e4.<\/o:p><\/p>\n<p><o:p>\u00b7nocase<br \/>\n\ud14d\uc2a4\ud2b8 \ub370\uc774\ud130\uc758 \ud328\ud134 \ub9e4\uce6d\uc744 \ud560 \ub54c\uc5d0 \ub300\ubb38\uc790\uc640 \uc18c\ubb38\uc790\uc758 \uad6c\ubcc4\uc744 \ud558\uc9c0 \uc54a\ub294\ub2e4. \ubcf4\ud1b5 \ud14d\uc2a4\ud2b8 \ub370\uc774\ud130\uc758 \ud328\ud134 \ub9e4\uce6d\uc740 \ub300\ubb38\uc790\uc640 \uc18c\ubb38\uc790\ub97c \uad6c\ubcc4\ud558\uae30 \ub54c\ubb38\uc5d0 \uc774\uac83\uc744 \ub178\ub9b0 \uacf5\uaca9\uc744 \uac80\uc9c0\ud560 \uc218 \uc5c6\ub294 \uac00\ub2a5\uc131\uc774 \uc788\ub2e4. nocase\uc635\uc158\uc744 \uc9c0\uc815\ud558\uba74 \uc774\uc640 \uac19\uc740 \ubbf8\uac80\ucd9c\uc744 \ub9c9\uc744 \uc218 \uc788\ub2e4.<\/o:p><\/p>\n<p><o:p>\u00b7flags<br \/>\n\ud328\ud0b7\uc5d0 \uc124\uc815\ub418\uc5b4 \uc788\ub294 TCP\ud50c\ub798\uadf8\ub97c \uc9c0\uc815\ud55c\ub2e4(\ud45c4). \ubcf5\uc218\uc758 \uac12\uc744 \uc124\uc815\ud558\ub294 \uacbd\uc6b0\uc5d0\ub294 flags: FS; \uc640 \uac19\uc774 \ub098\uc5f4\ud55c\ub2e4. \ub610\ud55c +(or), *(and), !(not) \ub4f1\uc758 \ud30c\ub77c\ubbf8\ud130\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.<\/o:p><\/p>\n<p><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ucd9c\ucc98 : http:\/\/blog.naver.com\/misman95\/80041665451 \uc2dc\uadf8\ub124\ucc98\uc758 \uad6c\uc870 Snort\uc758 \uc2dc\uadf8\ub124\ucc98\ub294 rules\ub77c\ub294 \ud655\uc7a5\uc790\ub97c \uac00\uc9c4 \ud30c\uc77c\uc5d0 \uae30\uc220\ub418\uc5b4 \uc788\ub2e4. \uc774 \uc2dc\uadf8\ub124\ucc98\ub294 \ud45c1\uacfc \uac19\uc740 \uad6c\uc870\ub85c \ub418\uc5b4 \uc788\uc5b4 1\ud589\uc5d0 1\uac1c\uc758 \uc2dc\uadf8\ub124\ucc98\ub97c \uae30\uc220\ud55c\ub2e4. \uc2dc\uadf8\ub124\ucc98\ub294 \ub8f0 \ud5e4\ub354\uc640 \ub8f0 \uc635\uc158\uc758 2\uac00\uc9c0 \uc139\uc158\uc73c\ub85c \ubd84\ub958\ub41c\ub2e4. \ub8f0 \ud5e4\ub354\uc5d0\ub294 \ucc98\ub9ac \ubc29\ubc95, \ud504\ub85c\ud1a0\ucf5c, IP\uc8fc\uc18c, \ud3ec\ud2b8 \ubc88\ud638 \ub4f1\uc758 \ucc98\ub9ac \ub300\uc0c1\uc73c\ub85c\uc11c\uc758 \ud310\ub2e8 \uae30\uc900\ub97c \uae30\uc220\ud55c\ub2e4. \ub8f0 \uc635\uc158\uc5d0\ub294 alert \uba54\uc2dc\uc9c0\ub098 \ud328\ud0b7 \ub0b4\ubd80\uc758 \uc870\uc0ac \ub0b4\uc6a9\uc744 \uae30\uc220\ud55c\ub2e4. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[12],"tags":[],"class_list":["post-364","post","type-post","status-publish","format-standard","hentry","category-computing_security"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=364"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/364\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}