[Snort-openappid] OPENAPPID Custom rules to block globoplay not working

O C snort at outlook.com
Tue May 29 13:22:44 EDT 2018


Was the custom detector "globoplay" created? Otherwise the custom rule is referencing an unidentified AppID detector, and no matches will happen.

YM
________________________________
From: Snort-openappid <snort-openappid-bounces at lists.snort.org> on behalf of RECIMERO CESAR Fabre via Snort-openappid <snort-openappid at lists.snort.org>
Sent: Tuesday, May 29, 2018 8:03 PM
To: snort-openappid at lists.snort.org
Subject: [Snort-openappid] OPENAPPID Custom rules to block globoplay not working


Hi guys!

I’m trying to block the “globoplay”, but I’m not having success on pfsense 2.4.3-p1. Follows the custom rule in:

Snort Interfaces -> LAN Rules -> Category Selection: custom.rules

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:“globoplay”;flow:from_client;appid:globoplay; sid:1000055 ; classtype:misc-activity; rev:1;)

I tried “drop” but it did not work!

Any idea?


tks


--
************************************
César Fabre, MSc
NETI-HCFMUSP | CIS
Telefone: (11) 2661-6018
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20180529/0991fa7c/attachment.html>


More information about the Snort-openappid mailing list