Snort mailing list archives
Snort Rule Format Example
From: motahareh dehghan chachkamy <motahareh16121 () gmail com>
Date: Wed, 12 Oct 2011 23:47:08 +0330
Hi everybody,

I have a question about this:

F.2.4 Lookfreebies

alert tcp 61.0.0.0/8 any -> 129.241.196.0/24 80 (content: "GET http://lookfreebies.com/prx1.php HTTP/1.0|0D 0A|Accept: */*|0D 0A|Accept-Language: en-us |0D 0A|User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)|0D 0A |Host: lookfreebies.com|0D 0A|Connection: Keep-Alive|0D 0A 0D|"; )

What is its concept? I just know it is Snort format, but I don't understand it. Can you help me with this?

Sincerely,
M.dehghan
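To read the rule in the post field by field, the following added example (not part of the original post and not Snort's own code) splits the rule header and decodes the content option into the bytes it matches. The helper names `parse_rule` and `decode_content` are hypothetical, and the rule text is the one quoted above with the wrapped host name joined.

```python
import re

# Rule as quoted in the post, with the wrapped host name joined back together.
RULE = (
    'alert tcp 61.0.0.0/8 any -> 129.241.196.0/24 80 (content: "GET '
    'http://lookfreebies.com/prx1.php HTTP/1.0|0D 0A|Accept: */*|0D 0A|'
    'Accept-Language: en-us |0D 0A|User-Agent: Mozilla/4.0 (compatible; '
    'MSIE 6.0; Windows NT 5.0)|0D 0A |Host: lookfreebies.com|0D 0A|'
    'Connection: Keep-Alive|0D 0A 0D|"; )'
)

# Header layout: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$',
    re.S,
)
CONTENT = re.compile(r'content\s*:\s*"((?:[^"\\]|\\.)*)"')


def decode_content(pattern):
    """Return the bytes a content pattern matches: text outside |...| is
    literal, text inside |...| is a run of hex byte values."""
    out = bytearray()
    for i, part in enumerate(pattern.split('|')):
        if i % 2:  # between pipes: hex bytes, whitespace is ignored
            out += bytes.fromhex(''.join(part.split()))
        else:      # literal text; \" \; \\ are escapes for the character itself
            out += re.sub(r'\\(.)', r'\1', part).encode('latin-1')
    return bytes(out)


def parse_rule(rule):
    """Split a rule into its header fields and decoded content patterns."""
    m = HEADER.match(rule.strip())
    if m is None:
        raise ValueError('not a recognisable Snort rule')
    fields = m.groupdict()
    opts = fields.pop('opts')
    fields['contents'] = [decode_content(c) for c in CONTENT.findall(opts)]
    return fields


if __name__ == '__main__':
    parsed = parse_rule(RULE)
    for key in ('action', 'proto', 'src', 'sport', 'direction', 'dst', 'dport'):
        print(f'{key:9} {parsed[key]}')
    print(parsed['contents'][0].decode('latin-1'))
```

Read this way, the rule raises an alert on TCP traffic from any port in 61.0.0.0/8 to port 80 in 129.241.196.0/24 when the payload contains that exact HTTP request text, with each `|0D 0A|` standing for a carriage return and line feed.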