Snort mailing list archives
v2.1 config question
From: Rich Adamson <radamson () routers com>
Date: Tue, 16 Mar 2004 07:38:44 -0600
snort v2.1.1 monitoring an Internet Banking web server (port 80 and 443 only allowed through firewall)... Is there a way to configure snort (by itself) to watch for a certain url (that triggers the start of a 443 session), AND, watch for the 443 session startup from the same client source address, THEN, cause an alert to be logged? Simply looking for a way to log IP addresses of regular Internet Banking users. Presumably over some period of time, a usage database could be built that could be used to identify potential hacking attempts. (The server is in a rather small rural setting where the users tend to be coming from nearby IP addresses, and I fully undertand ISP IP addressing issues.) Thoughts? Rich ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- v2.1 config question Rich Adamson (Mar 16)
- <Possible follow-ups>
- RE: v2.1 config question Dave Randolph (Mar 16)