[Snort-devel] Writing own rules
abhideodhar at ...2224...
Tue Feb 10 04:36:13 EST 2004
I am a novice and was trying to test Snort detecting
my own rule viz.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21
According to me it should detect a packet with data
content "LIST" in it and also log or display it on
screen with some message XXX.
However, I find that snort does not detect this
"attack". Can u point out any specific reason for this
discrepancy and tell me how to debug?
Thanks in advance,
Yahoo! India Education Special: Study in the UK now.
Go to http://in.specials.yahoo.com/index1.html
More information about the Snort-devel