[Snort-sigs] Question about a Snort rule

Miso Patel miso.patel at ...2420...
Fri Feb 25 10:21:14 EST 2011


My engineers are having trouble with a custom rule:

alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"iPad related HTTP
request"; content:"iPad"; http_uri; nocase; flags:S;
classtype:bad-unknown; reference:url,www.apple.com/ipad/;
sid:18954545; rev:1;)

Any help would be appreciated.  The rule does not seem to be alerting
for some reason and I think this could be a bug with Snort.

Thanks.

Miso, CISO




More information about the Snort-sigs mailing list