Snort mailing list archives
Re: ftp rules
From: santhoj san <santhojirulappan () gmail com>
Date: Fri, 23 Oct 2015 10:05:34 +0530
Ya I tried with drop. Still it is not dropping the packets. I used the below rule drop tcp any any -> any any (msg:"No chrome"; appid:chrome; sid:10000004; rev:001;) drop tcp any any -> any any (msg:"No skype"; appid:skype; sid:10000005; rev:001;) Still I am able to access chrome, skype. Thanks & Regards Santhoj Irulappan On Fri, Oct 23, 2015 at 12:50 AM, Adonis Okpidi <adonisokpidi () gmail com> wrote:
You can use 'drop' instead of 'alert' Best Regards, Adonis Okpidi On 22 Oct 2015, at 18:28, santhoj san <santhojirulappan () gmail com> wrote: Hi, Can anyone help me in how to make a rule to drop the packets. Thanks & Regards Santhoj Irulappan On Thu, Oct 22, 2015 at 9:12 PM, Adam Ring <adam.ring () aocsolutions com> wrote:Yea I just found out about the protocol-ftp rules. Thanks. *From:* Joel Esler (jesler) [mailto:jesler () cisco com] *Sent:* Thursday, October 22, 2015 11:42 AM *To:* Adam Ring *Cc:* snort-sigs () lists sourceforge net *Subject:* Re: [Snort-sigs] ftp rules Take a look at protocol-ftp.rules -- *Joel Esler* Manager, Talos Group On Oct 22, 2015, at 8:55 AM, Adam Ring <adam.ring () AocSolutions com <adam.ring () aocsolutions com>> wrote: Hi I am new to snort and was trying to create an ftp rule. I have downloaded the rules from the website, but in the ftp file there aren’t any rules in there. I was wondering if that was supposed to be empty and if it is, is there a place where I can go to find some examples of ftp rules? *Adam Ring* IT Help Desk Techniction Office 703.677.9540 AOC Solutions <http://www.aocsolutions.com/> | Solutions That Pay® Blog <http://www.aocsolutions.com/blog> | Video <http://www.aocsolutions.com/ap-payment-automation-video> | LinkedIn <https://www.linkedin.com/company/139025?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1436380782168%2Ctas%3Aaoc%20solutions> *<image001.png>* <http://www.aocsolutions.com/about-aoc/aoc-in-the-news/aoc-named-top-workplace-by-washington-post> This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and attachments (if applicable) and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and strictly prohibited. You may be subject to confidentiality restrictions in an existing contract with AOC Solutions, Inc. As a result, you must protect the contents of this communication according to such terms and conditions. ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and attachments (if applicable) and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and strictly prohibited. You may be subject to confidentiality restrictions in an existing contract with AOC Solutions, Inc. As a result, you must protect the contents of this communication according to such terms and conditions. ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- ftp rules Adam Ring (Oct 22)
- Re: ftp rules Al Lewis (allewi) (Oct 22)
- Re: ftp rules Joel Esler (jesler) (Oct 22)
- Re: ftp rules Adam Ring (Oct 22)
- Re: ftp rules santhoj san (Oct 22)
- Re: ftp rules Adonis Okpidi (Oct 22)
- Re: ftp rules santhoj san (Oct 22)
- Re: ftp rules Adonis Okpidi (Oct 23)
- Re: ftp rules santhoj san (Oct 23)
- Re: ftp rules Al Lewis (allewi) (Oct 23)
- Re: ftp rules santhoj san (Oct 26)
- Re: ftp rules Al Lewis (allewi) (Oct 26)
- Re: ftp rules santhoj san (Oct 26)
- Re: ftp rules Adam Ring (Oct 22)