Luckily for you and your keyboard, rules to detect a great many of the possible acts of pure evil! out there have already been written, and Snort comes with quite a library of them. Here's a quick list:
· backdoor.rules
· ddos.rules
· dns.rules
· dos.rules
· exploit.rules
· finger.rules
· ftp.rules
· icmp.rules
· info.rules
· local.rules
· misc.rules
· netbios.rules
· policy.rules
· rpc.rules
· rservices.rules
· scan.rules
· smtp.rules
· sql.rules
· telnet.rules
· virus.rules
· web-cgi.rules
· web-coldfusion.rules
· web-frontpage.rules
· web-iis.rules
· web-misc.rules
· x11.rules
Once again, we could write an entire book on Snort. We're just trying to get you started. I won't give you details on each of these predefined collections of rules, although I will go over how to set Snort up to use them. We'll concentrate on how you would set up Snort from scratch to use one or more of these predefined rulesets as a base for an intrusion-detection system for your network. But first, I want to give you a warning you will almost certainly ignore.
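Here is how those rulesets get pulled into a Snort configuration, as an added example that is not from the book: a minimal snort.conf fragment that defines the network variables the distributed rules refer to and then includes a handful of the files from the list above. The HOME_NET address range and the RULE_PATH directory are assumptions for this example; substitute the values for your own network and installation.

```conf
# Added example: a minimal snort.conf fragment (not from the book).
# The address range and the rules directory below are assumptions.

# The network you are protecting, and "everything else".
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET

# Directory holding the .rules files from the list above.
var RULE_PATH /etc/snort/rules

# Pull in only the rulesets that match services you actually run;
# every include adds rules Snort must evaluate against traffic.
include $RULE_PATH/scan.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/smtp.rules

# local.rules is the conventional home for rules you write yourself.
include $RULE_PATH/local.rules
```

Two practical notes. First, a rule that references a variable you have not defined stops Snort from starting, so if a ruleset you include complains about an unknown variable, define it in the `var` block rather than editing the rule. Second, start with the few rulesets that correspond to services on your network and add more as you learn what the alerts look like; including everything at once produces a flood of alerts for services you do not run, which is the fastest way to stop reading them.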