Re: porno rules

[Bryan Irvine <bryan.irvine () kingcountyjournal com>]

I've figured it out.

I changed this "flow:to_client,established;" to this "flags:A+;"

I'm very new to snort. I installed it for the first time right before
2.0-release came out.  What do these 2 options do?

--Bryan

On Tue, 2003-04-29 at 12:49, Bryan Irvine wrote:
> I'm having problems with my porn.rules        
>
> I'm trying to test it out, but no matter what I type in google for my
> search criteria it always comes back the same.
> alt.binaries.pictures.erotica
>
> even if I type in "nude cheerleader"  I've even tried commenting out
> that lines but then I don't get any reports whatsoever.
>
> I just upgraded it to version 2 thinking maybe that was the problem.
>
> and after commenting out the "preprocessor asn1_decode" line i didn't
> get any errors and it's running and sniffing but still didn't work.
>
> Any ideas?
>
> --Bryan
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users