Snort mailing list archives
Question about rules
From: Ricardo Barbosa <ricardobarbosams () yahoo com br>
Date: Wed, 27 Jan 2010 02:52:08 -0300
Hello,

I am entering the world of IPs and began to test and learn Snort, but I have a question about creating rules. I was reading the Snort manual (PDF file), which has a chapter on writing rules. Following the documentation, I created the rule below:

alert tcp any any -> 10.0.0.0/8 80 (content:"test_rule"; msg: "TEST HTTP";)

I assembled a network with VirtualBox with the following topology:

10.0.0.0/8(.2) <---> (.1) snort (.1) <---> 20.0.0.0/8(.2)

I put a web server (Apache) on 10.0.0.2 and created the following HTML:

<html>
<body>
<h1> teste_rule</h1>
</body>
</html>

From the machine 20.0.0.2 I try to access this page through Snort. Looking at the above rule, should it not generate an alert in the file /var/log/snort/alert?

Can someone help me see what I'm missing?

Regards,
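An added example, not part of the original post and not Snort code: a simplified Python model of how the rule's header (with its one-way "->" operator) and its content option are checked against each direction of the test traffic described above. It assumes plain per-packet matching with no preprocessors; the packets, the ephemeral port 40000 and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The rule from the post, reduced to the fields this sketch evaluates.
RULE = {"src_net": "any", "src_port": "any",
        "dst_net": "10.0.0.0/8", "dst_port": "80",
        "content": b"test_rule"}

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def _net_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _port_ok(spec, port):
    return spec == "any" or int(spec) == port

def header_matches(rule, pkt):
    # "->" is one-way: the left side is the source, the right side the destination.
    return (_net_ok(rule["src_net"], pkt.src) and _port_ok(rule["src_port"], pkt.sport)
            and _net_ok(rule["dst_net"], pkt.dst) and _port_ok(rule["dst_port"], pkt.dport))

def content_matches(rule, pkt):
    # content is an exact, case-sensitive byte-string search in the payload.
    return rule["content"] in pkt.payload

def evaluate(rule, pkt):
    hdr, cnt = header_matches(rule, pkt), content_matches(rule, pkt)
    return {"header": hdr, "content": cnt, "alert": hdr and cnt}

# Constructed traffic for the lab topology in the post.
PAGE = b"<html> <body> <h1> teste_rule</h1> </body> </html>"
REQUEST = Packet("20.0.0.2", 40000, "10.0.0.2", 80,
                 b"GET / HTTP/1.1\r\nHost: 10.0.0.2\r\n\r\n")
RESPONSE = Packet("10.0.0.2", 80, "20.0.0.2", 40000,
                  b"HTTP/1.1 200 OK\r\n\r\n" + PAGE)
# A constructed request that carries the rule's string toward port 80.
MATCHING = Packet("20.0.0.2", 40000, "10.0.0.2", 80,
                  b"GET /test_rule HTTP/1.1\r\nHost: 10.0.0.2\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("response", RESPONSE),
                      ("matching request", MATCHING)):
        print(f"{name:17s}", evaluate(RULE, pkt))
```

In this model the request matches the header but not the content, the response carrying the page matches neither, and only the constructed request that sends the rule's exact string toward port 80 produces an alert.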
Current thread:
- Question about rules Ricardo Barbosa (Jan 26)
- <Possible follow-ups>
- Re: Question about rules Ricardo Barbosa (Jan 27)
- Re: Question about rules Matt Olney (Jan 27)
- Re: Question about rules Ricardo Barbosa (Jan 27)
- Re: Question about rules Matt Olney (Jan 27)
- Re: Question about rules Ricardo Barbosa (Jan 27)
- Re: Question about rules Joel Esler (Jan 27)
- Re: Question about rules Ricardo Barbosa (Jan 27)