Snort mailing list archives

RE: v2.1 config question


From: "Dave Randolph" <drandolph () nstarbank com>
Date: Tue, 16 Mar 2004 10:10:59 -0600

It sounds like what you really want to do is view your webserver logs. If you have control of the server that would be 
the best thing to do to find these things out, imho.


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Rich
Adamson
Sent: Tuesday, March 16, 2004 7:39 AM
To: Snort Users Postings
Subject: [Snort-users] v2.1 config question



snort v2.1.1 monitoring an Internet Banking web server (port 80 and
443 only allowed through firewall)...

Is there a way to configure snort (by itself) to watch for a certain
url (that triggers the start of a 443 session), AND, watch for the
443 session startup from the same client source address, THEN, cause
an alert to be logged?

Simply looking for a way to log IP addresses of regular Internet Banking
users. Presumably over some period of time, a usage database could be
built that could be used to identify potential hacking attempts. (The
server is in a rather small rural setting where the users tend to be
coming from nearby IP addresses, and I fully understand ISP IP addressing
issues.)

Thoughts?

Rich




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
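
Following the reply's suggestion to work from the web server logs, here is an added example (not from either poster) that pairs a port-80 request for the login URL with a port-443 request from the same client address, then checks the client against a baseline of known networks. The log format with a leading port field, the `/banking/login` path, the 60-second window, and the /24 baseline are all assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_network

# Assumed access-log format with the server port first: %p %h %l %u %t "%r" %>s
LINE = re.compile(r'(?P<port>\d+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)')
LOGIN_URL = "/banking/login"             # hypothetical URL that starts the 443 session
WINDOW = timedelta(seconds=60)           # assumed max gap between URL hit and 443 request
BASELINE = {ip_network("192.0.2.0/24")}  # constructed set of "regular user" networks

def banking_sessions(lines):
    """Yield (ip, time) when a client requests LOGIN_URL on 80, then hits 443 within WINDOW."""
    pending = {}  # ip -> time of its last LOGIN_URL request on port 80
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["port"] == "80" and m["path"].split("?")[0] == LOGIN_URL:
            pending[m["ip"]] = ts
        elif m["port"] == "443" and m["ip"] in pending:
            if ts - pending.pop(m["ip"]) <= WINDOW:
                yield m["ip"], ts

def unfamiliar(sessions, baseline):
    """Return session IPs (IPv4 assumed) whose /24 is not in the baseline."""
    out = []
    for ip, _ in sessions:
        net = ip_network(f"{ip}/24", strict=False)
        if net not in baseline and ip not in out:
            out.append(ip)
    return out

# Constructed sample log lines using documentation address ranges.
SAMPLE = [
    '80 192.0.2.10 - - [16/Mar/2004:07:30:00 -0600] "GET /banking/login HTTP/1.1" 302',
    '443 192.0.2.10 - - [16/Mar/2004:07:30:02 -0600] "GET /banking/account HTTP/1.1" 200',
    '80 198.51.100.7 - - [16/Mar/2004:07:31:00 -0600] "GET /banking/login HTTP/1.1" 302',
    '443 198.51.100.7 - - [16/Mar/2004:07:31:05 -0600] "GET /banking/account HTTP/1.1" 200',
    '443 203.0.113.9 - - [16/Mar/2004:07:32:00 -0600] "GET /banking/account HTTP/1.1" 200',
    '80 192.0.2.44 - - [16/Mar/2004:07:33:00 -0600] "GET /banking/login HTTP/1.1" 302',
    '443 192.0.2.44 - - [16/Mar/2004:07:40:00 -0600] "GET /banking/account HTTP/1.1" 200',
]

if __name__ == "__main__":
    sessions = list(banking_sessions(SAMPLE))
    print("sessions:", [ip for ip, _ in sessions])
    print("outside baseline:", unfamiliar(sessions, BASELINE))
```

The 443 request with no preceding login hit and the one that arrives after the window are both ignored, so only clients that followed the expected sequence enter the usage record.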