Snort mailing list archives
writing alert rules
From: Akinwale Fasuru <fashman2k1 () yahoo com>
Date: Thu, 1 Nov 2012 15:15:37 -0700 (PDT)
Hi,

I wrote a rule to alert on visiting www.youtube.com.

Alert rule:

alert tcp any any => any any (msg:"someone is on youtube now!"; content:"www.youtube.com"; sid:1000002;rev:1;)

Here is the response I got when I go on YouTube:

10/25-22:29:59.126487 [**] [129:15:1] Reset outside window [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 157.56.134.97:80 -> 192.168.64.133:42987

Can somebody help please, not sure what is wrong.