Snort mailing list archives
RE: v2.1 config question
From: "Dave Randolph" <drandolph () nstarbank com>
Date: Tue, 16 Mar 2004 10:10:59 -0600
It sounds like what you really want to do is view your webserver logs. If you have control of the server that would be the best thing to do to find these things out, imho.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Rich Adamson
Sent: Tuesday, March 16, 2004 7:39 AM
To: Snort Users Postings
Subject: [Snort-users] v2.1 config question

snort v2.1.1 monitoring an Internet Banking web server (port 80 and 443 only allowed through firewall)...

Is there a way to configure snort (by itself) to watch for a certain url (that triggers the start of a 443 session), AND, watch for the 443 session startup from the same client source address, THEN, cause an alert to be logged?

Simply looking for a way to log IP addresses of regular Internet Banking users. Presumably over some period of time, a usage database could be built that could be used to identify potential hacking attempts. (The server is in a rather small rural setting where the users tend to be coming from nearby IP addresses, and I fully understand ISP IP addressing issues.)

Thoughts?

Rich

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
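Added example, not part of the original thread or of Snort: one way to build the usage database from web server logs as the reply suggests, then list login clients from networks not seen before. It assumes Common Log Format access logs, a hypothetical login URL `/banking/login`, and grouping of clients by IPv4 /24; the log lines are constructed samples.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')
LOGIN_PATH = "/banking/login"  # hypothetical URL that starts the HTTPS session

# Constructed sample lines (documentation address ranges), not real traffic.
HISTORY = [
    '192.0.2.10 - - [15/Mar/2004:09:01:12 -0600] "GET /banking/login HTTP/1.0" 200 5120',
    '192.0.2.77 - - [15/Mar/2004:09:14:40 -0600] "GET /banking/login?src=home HTTP/1.0" 200 5120',
    '198.51.100.5 - - [15/Mar/2004:10:02:03 -0600] "GET /index.html HTTP/1.0" 200 2048',
]
TODAY = [
    '192.0.2.31 - - [16/Mar/2004:08:30:00 -0600] "GET /banking/login HTTP/1.0" 200 5120',
    '203.0.113.9 - - [16/Mar/2004:08:31:10 -0600] "GET /banking/login HTTP/1.0" 200 5120',
    'garbage line',
]

def login_hits(lines, path=LOGIN_PATH):
    """Yield the client IP of each 2xx/3xx request for the login URL."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # malformed or truncated log line
        host, url, status = m.groups()
        try:
            ip_address(host)
        except ValueError:
            continue  # logged as a hostname, cannot be grouped by prefix
        if url.split("?", 1)[0] == path and status.startswith(("2", "3")):
            yield host

def build_baseline(lines, prefix=24):
    """Count login hits per client network (the /24 grouping is an assumption)."""
    nets = Counter()
    for host in login_hits(lines):
        nets[ip_network(f"{host}/{prefix}", strict=False)] += 1
    return nets

def unfamiliar(lines, baseline, min_hits=2):
    """Return login client IPs whose network has fewer than min_hits in baseline."""
    new = []
    for host in login_hits(lines):
        known = any(ip_address(host) in net and n >= min_hits
                    for net, n in baseline.items())
        if not known and host not in new:
            new.append(host)
    return new
```

Grouping by prefix rather than exact address keeps dial-up and DHCP customers of the same nearby ISP inside the baseline; `unfamiliar(TODAY, build_baseline(HISTORY))` leaves only the client from a network with no login history.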
Current thread:
- v2.1 config question Rich Adamson (Mar 16)
- <Possible follow-ups>
- RE: v2.1 config question Dave Randolph (Mar 16)