Snort mailing list archives
Fwd: Block packets using snort with pf_ring
From: Lavanya Kumar <lavanyakumar84 () gmail com>
Date: Tue, 29 Sep 2015 10:47:24 +0530
Thanks for your reply,
i have changed my rule according to your suggestion,but it doesn't
work.here is my rule.
drop tcp any any -> any any ( content : "facebook" ; msg : "Facebook is
Blocked" ; sid : 200001 ; rev : 1; resp: reset_both;)
my query is i would like to block some of the urls viz facebook,youtube,etc
..,within the network.I configured my server at router level and 1 client
machines were connected to this server. Those machines should not allowed
to access specified urls. I would like to achieve this using pf_ring
without any packet loss.
09/28-14:23:45.058089 [Drop] [**] [1:200001:1] Facebook is Blocked [**]
[Priority: 1]
i am getting this alert on the server machine but the client could access
the website.
Previously, i could achieve this using daq -nfq module.
Thanks,
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Block packets using snort with pf_ring Lavanya Kumar (Sep 27)
- Re: Block packets using snort with pf_ring Al Lewis (allewi) (Sep 28)
- Message not available
- Fwd: Block packets using snort with pf_ring Lavanya Kumar (Sep 28)
- Re: Block packets using snort with pf_ring Al Lewis (allewi) (Sep 29)
- Message not available
- Re: Block packets using snort with pf_ring Al Lewis (allewi) (Sep 28)