Snort mailing list archives

Re: WRITE RULE ERROR


From: Jason Hellenthal <jhellenthal () dataix net>
Date: Mon, 23 Oct 2017 12:49:51 -0500

What is “sencond”? I suspect this is your problem.


On Oct 23, 2017, at 09:43, nguyen cao via Snort-users <snort-users () lists snort org> wrote:

I write Snort alert rules of this type:
alert any any -> any any (msg:"Test";ack:1;classtype:shellcode-detect;sid;1000001;rev:1;)
and
alert any any -> any any (msg:"test2";flags:S;flow:to_server,established;detecion_filter:track by_src, count: 5,sencond 5; classtype:shellcode-detect;sid:1000002;rev:1;)


But the 2 rules do not alert. People ask me how to write an alert rule with the above type?
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
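
The following is an added example, not part of either message and not Snort's own parser: a small Python check that runs over the two posted rules and reports the syntax problems in each, including the "sencond" keyword the reply points to. The names lint, POSTED and FIXED are hypothetical, and the "tcp" protocol in the corrected rule is an assumption, since the post gives none.

```python
import difflib
import re

# Constructed copies of the two rules as posted, plus one corrected form of the
# second. "tcp" is an assumption (the post names no protocol); the flow option
# is left out because a bare SYN (flags:S) is never in an established session.
POSTED = [
    'alert any any -> any any (msg:"Test";ack:1;classtype:shellcode-detect;sid;1000001;rev:1;)',
    'alert any any -> any any (msg:"test2";flags:S;flow:to_server,established;'
    'detecion_filter:track by_src, count: 5,sencond 5; classtype:shellcode-detect;sid:1000002;rev:1;)',
]
FIXED = ('alert tcp any any -> any any (msg:"test2"; flags:S; '
         'detection_filter:track by_src, count 5, seconds 5; '
         'classtype:shellcode-detect; sid:1000002; rev:1;)')

PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
# Only the Snort 2 options these rules use, not the full keyword list.
OPTIONS = ["ack", "classtype", "detection_filter", "flags", "flow", "msg", "rev", "sid"]
DF_ARGS = re.compile(r"track by_(src|dst),\s*count \d+,\s*seconds \d+$")

def lint(rule):
    """Return a list of syntax problems found in one rule (hypothetical helper)."""
    m = re.match(r"(.*?)\((.*)\)\s*$", rule)
    if not m:
        return ["no (options) section"]
    header, problems = m.group(1).split(), []
    # Header is: action protocol src_ip src_port direction dst_ip dst_port
    if len(header) != 7 or header[1] not in PROTOCOLS:
        problems.append("header needs 7 fields, with a protocol after the action")
    # Naive split: fine here, but an escaped ';' inside msg would need real parsing.
    for opt in filter(None, (o.strip() for o in m.group(2).split(";"))):
        name, sep, value = (p.strip() for p in opt.partition(":"))
        if name not in OPTIONS:
            guess = difflib.get_close_matches(name, OPTIONS, n=1)
            hint = f", did you mean '{guess[0]}'?" if guess else ""
            problems.append(f"unknown option '{name}'{hint}")
            if not guess:
                continue
            name = guess[0]  # keep checking the value under the intended name
        if not sep or not value:
            problems.append(f"option '{name}' needs ':value'")
        elif name == "detection_filter" and not DF_ARGS.match(value):
            problems.append("detection_filter wants 'track by_src|by_dst, count N, seconds N'")
    return problems

if __name__ == "__main__":
    for r in POSTED + [FIXED]:
        print(r[:40] + "...", lint(r) or "ok")
```

Run as a script, it prints the problems for each posted rule and "ok" for the corrected one.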
