Snort mailing list archives
Re: web-misc robots.txt will not go away
From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Thu, 14 Nov 2002 18:00:51 -0800
you might want to see if your including "experimental" rules as well.. it has some sigs in there for
robots.txt.experimental.rules:127: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC robots.txt access"; flow:to_server,established; uricontent:"/robots.txt"; nocase; reference:nessus,10302; classtype:web-application-activity; sid:1852; rev:1;)
Hope that Helps - Albert Charles McGraw wrote:
Running my Snort in IDS mode I've deleted the web-misc.rules file and commented out the snort.conf file. however it still picks up and logs all the webmisc robots.txt access.Please someone how do I stop this menace... Info: Running snort 1.9.0 on a win32 box using the following cmd line snort -de -l \log -h (Home_Net) -c snort.conf. basically taken directly from the user guide pdf...
-- The secret to success is to start from scratch and keep on scratching. -------------------------------------------------------This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- web-misc robots.txt will not go away Charles McGraw (Nov 14)
- Re: web-misc robots.txt will not go away Alberto Gonzalez (Nov 14)
- Re: web-misc robots.txt will not go away Jens Krabbenhoeft (Nov 14)
- Re: web-misc robots.txt will not go away Matt Kettler (Nov 14)