[Snort-sigs] how can we alert on web visiting activity?

mary andrews maryandrews22 at ...2420...
Thu Nov 19 15:25:31 EST 2009


I apologize for frustrating you, I really don't mean to.




On Thu, Nov 19, 2009 at 3:24 PM, mary andrews <maryandrews22 at ...2420...> wrote:

> I tried it with the upper case K, still nothing.
>
> c:\snort\bin\snort -A console -i 2 -c c:\snort\etc\snort.conf -l
> c:\snort\log -K none -s
>
>
>
> On Thu, Nov 19, 2009 at 3:13 PM, Joel Esler <jesler at ...435...> wrote:
>
>> Well, I don't know anything about the flowbits problem you are talking
>> about.
>>
>> But I did ask an emailed question to devel about the functionality of
>> rawbytes since there may be some misunderstanding.
>>
>> But I wasn't provided any pcaps or anything of problems...
>>
>> J
>>
>>
>> On Thu, Nov 19, 2009 at 2:25 PM, evilghost at ...3397... <
>> evilghost at ...3397...> wrote:
>>
>>> It was effectively communicated to Joel Esler who forwarded it to SF
>>> development.  Flowbits are borked too by the way.
>>>
>>> Nigel Houghton wrote:
>>> > On Thu, Nov 19, 2009 at 2:01 PM, evilghost at ...3397...
>>> > <evilghost at ...3397...> wrote:
>>> >
>>> >> What version of Snort are you using?  I have had issues with content
>>> >> matching working correctly in the 2.8 branch (as have others at Emerging
>>> >> Threats), I was able to get content matching to work as expected by
>>> >> using the rawbytes option.  See section 3.5.3 in the Snort manual.
>>> >>
>>> >> content:"ebay"; nocase; rawbytes;
>>> >>
>>> >> -evilghost
>>> >>
>>> >
>>> > If you have evidence to support your claim, we would like to see it. A
>>> > bug report would be good, until then, please refrain from giving
>>> > "advice" like this. Your recommendation is detrimental to performance.
>>> >
>>> >
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>> 30-Day
>>> trial. Simplify your report design, integration and deployment - and
>>> focus on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>> _______________________________________________
>>> Snort-sigs mailing list
>>> Snort-sigs at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>
>>
>>
>>
>> --
>> Joel Esler | 302-223-5974 | gtalk: jesler at ...435...
>>
>>
>>
>>
>