Re: web-misc robots.txt will not go away

[Alberto Gonzalez <ag-snort () cerebro violating us>]

you might want to see if your including "experimental" rules as well.. 
it has some sigs in there for
robots.txt.

experimental.rules:127: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 
$HTTP_PORTS (msg:"WEB-MISC robots.txt access"; 
flow:to_server,established; uricontent:"/robots.txt"; nocase; 
reference:nessus,10302; classtype:web-application-activity; sid:1852; 
rev:1;)

Hope that Helps

   - Albert

Charles McGraw wrote:

> Running my Snort in IDS mode I've deleted the web-misc.rules file and 
> commented out the snort.conf file. however it still picks up and logs 
> all the webmisc robots.txt access.
>
> Please someone how do I stop this menace...
>
> Info:
>
> Running snort 1.9.0 on a win32 box using the following cmd line
>
> snort -de -l \log -h (Home_Net) -c snort.conf.
>
> basically taken directly from the user guide pdf...

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users