[Snort-devel] [ snort-Support Requests-1109269 ] some rules don't work

SourceForge.net noreply at ...12...
Wed Jan 26 05:21:01 EST 2005


Support Requests item #1109269, was opened at 2005-01-25 18:21
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=203357&aid=1109269&group_id=3357

Category: None
Group: None
Status: Open
Priority: 5
Submitted By: stenka (stenka)
Assigned to: Nobody/Anonymous (nobody)
Summary: some rules don't work

Initial Comment:
Hi,

I read on this forum that some people had the same
problem as me, but I couldn't find any solution.

I want to receive an alert when there is some porn
traffic on my network.
I activated the basic porn rules. It doesn't work at
all when I surf on website using the keywords of the
porn rules.

I don't understand because : my PC's are behind a
linksys router, using segments of the same speed ; when
I sniff the network with Ethereal, it is all ok :
source and destination ip adresses, port and HTML
content ; I think my configuration of snort is correct
(but I can't really make sure for now) because I
receive some alerts concerning external ip adresses (as
sources).

I configured the variables as above :
var HOME_NET 192.168.1.0/24
var ETERNAL_NET !$HOME_NET

So Snort can't read in the HTML frame ? Why not ?

I worry because if such a simple thing as detecting
porn HTML content doesn't work, it must be the same for
more things and my implementation of Snort must be useless.

Really, your help would be great.

Thanks in advance.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=203357&aid=1109269&group_id=3357




More information about the Snort-devel mailing list