Snort mailing list archives

Previous By Date Next
Previous By Thread Next

file upload detection.

From: Rajeev Kapoor <raj_kap99 () yahoo com>
Date: Thu, 15 Apr 2004 11:25:51 -0700 (PDT)
Hi snorters
i am new to snort. i would like to write the rule that can alert me whenever any user from local intranet is uploading 
a file with extension , say, .zip  .. one obvious way is to look for .zip in content of packets. but the problem is 
that let say some user searches for "download music.zip " then it will match the rule. i just want that snort should 
alert whenever someone is uploading zip file...the soltion could be to monitor the entire session and if http post 
request contains ".zip" file then it should alert. 
i want the above desired rule to be written for http,ftp and smtp.
any idea???
rajeev kapoor
raj_kap99 () yahoo com



                
---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
Previous By Date Next
Previous By Thread Next

Current thread: