Snort mailing list archives

Re: question for snort flow established


From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 16 Mar 2013 15:00:21 -0500

On 3/16/2013 10:10, zhaojunling_20 wrote:
Dear All,

I have a little question: if I installed snort on my web server <IP address
10.2.11.2>, which has only one ethernet interface, and snort inspects that
interface, does "flow" with the option "established" work or not?

yes... it has to as several tens of thousands of rules use it ;)

I have tested the rule below with
http://10.2.11.2/test.php?user=Zango/Setup.exe; no alert arose.

alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CLIENT Zango adware installation request"; content:"Zango/Setup.exe"; flow:to_server,established; reference:url,www.ftc.gov/os/caselist/0523130/index.shtm; classtype:policy-violation; sid:10000019; rev:3;)

what does your $HTTP_SERVERS and $HTTP_PORTS vars contain from your snort.conf??

appreciate your help~
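
As an added illustration (not Snort's code and not the poster's rule engine), a simplified Python model of why a rule with flow:to_server,established can match on a host with a single interface: that one interface carries both directions of the TCP handshake, so the tracker sees SYN, SYN/ACK and ACK and can mark the flow established. The $HTTP_SERVERS/$HTTP_PORTS values, the client endpoint and the packets are assumed/constructed.

```python
from collections import namedtuple
from dataclasses import dataclass

# Assumed snort.conf variable values for the poster's setup (constructed).
HTTP_SERVERS = {"10.2.11.2"}
HTTP_PORTS = {80}

# Simplified packet: flags is a string such as "S", "SA", "A", "PA".
Pkt = namedtuple("Pkt", "src sport dst dport flags payload", defaults=(b"",))

@dataclass
class Flow:
    client: tuple
    server: tuple
    state: str            # syn_sent -> syn_recv -> established

FLOWS = {}

def track(p):
    """Minimal 3-way-handshake tracker; both directions pass the one
    interface. Returns the flow for p, or None if no SYN was ever seen."""
    k = frozenset([(p.src, p.sport), (p.dst, p.dport)])
    f = FLOWS.get(k)
    if f is None:
        if p.flags == "S":
            f = FLOWS[k] = Flow((p.src, p.sport), (p.dst, p.dport), "syn_sent")
        return f
    if f.state == "syn_sent" and p.flags == "SA" and (p.src, p.sport) == f.server:
        f.state = "syn_recv"
    elif f.state == "syn_recv" and p.flags == "A" and (p.src, p.sport) == f.client:
        f.state = "established"
    return f

def rule_matches(p, f):
    """Model of the posted rule: $HTTP_SERVERS/$HTTP_PORTS destination,
    flow:to_server,established, then the content check."""
    if p.dst not in HTTP_SERVERS or p.dport not in HTTP_PORTS:
        return False
    if f is None or f.state != "established" or (p.dst, p.dport) != f.server:
        return False
    return b"Zango/Setup.exe" in p.payload

def alerts(packets):
    """Indices of packets that would raise the alert (tracks every packet)."""
    FLOWS.clear()
    return [i for i, p in enumerate(packets) if rule_matches(p, track(p))]

C, S = ("10.2.11.50", 40000), ("10.2.11.2", 80)       # constructed endpoints
HANDSHAKE = [Pkt(*C, *S, "S"), Pkt(*S, *C, "SA"), Pkt(*C, *S, "A")]
GET = Pkt(*C, *S, "PA", b"GET /test.php?user=Zango/Setup.exe HTTP/1.1\r\n")
```

With the full handshake observed, the request packet alerts; the same request seen without its handshake (flow never established) does not, which is the first thing to check when an established-flow rule stays silent.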

