[Snort-devel] Writing own rules

abhijit deodhar abhideodhar at ...2224...
Tue Feb 10 04:36:13 EST 2004


I am a novice and was trying to test Snort detecting
my own rule viz.

alert tcp $EXTERNAL_NET any -> $HOME_NET 21

to ftp.rules

According to me it should detect a packet with data
content "LIST" in it and also log or display it on
screen with some message XXX.
	However, I find that snort does not detect this
"attack". Can u point out any specific reason for this
discrepancy and tell me how to debug?

Thanks in advance,


Yahoo! India Education Special: Study in the UK now.
Go to http://in.specials.yahoo.com/index1.html

More information about the Snort-devel mailing list