Snort mailing list archives
Snort daq / nfq / "content: " not working...
From: Jesko Mägle <jesko () maegle de>
Date: Fri, 30 Dec 2011 11:08:40 +0100
Hi,

first of all, I want to say "Hi" to this great group. I was reading a lot of posts, and got a lot of good ideas from it... Thanks :)

But now I have a problem I can't solve on my own, maybe someone has an idea?

I'm testing snort on a gentoo-machine. snort 2.9.1 to be exact. After a lot of reading and some eye-openers concerning daq I'm stuck with the following problem:

I have a rule "drop tcp any any <> any any ( msg:"Works"; sid:10000009;rev:1;)" - this rule works - just everything is dropped... Fine. In the next step I added "content: www.youtube.com"; to it - and - it doesn't work.

I use the default snort.conf from the vrt-team, I tried the gentoo-snort.conf - experimented with the http_inspect preprocessor ( read something that this might be the issue... ) - but - I'm stuck.

Any ideas where I can look, what I can do?

Greeting,
Jesko

--
JESKO MÄGLE
Höfinger Straße 35
D-71254 Ditzingen
Telefon +49 (0) 7156 9103872
Mobil +49 (0) 172 7629270
http://www.maegle.de | jesko () maegle de