Snort mailing list archives

flexresp question/help


From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Tue, 18 Dec 2001 17:21:01 -0600

I have just rebuilt my snort with flexresp.

I actually edited one rule in web-iis.rules.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (resp: rst_all;
msg:"WEB-IIS CodeRed v2 root.exe access"; flags: A+;
uricontent:"scripts/root.exe?"; nocase; classtype:web-application-attack; sid: 1256; rev:2;)

How will I know if this is working?

Neil
