[Snort-sigs] ftp rules

santhoj san santhojirulappan at ...2420...
Fri Oct 23 00:35:34 EDT 2015


Ya, I tried with drop. Still it is not dropping the packets. I used the
rules below:

drop tcp any any -> any any (msg:"No chrome"; appid:chrome; sid:10000004; rev:001;)
drop tcp any any -> any any (msg:"No skype"; appid:skype; sid:10000005; rev:001;)

Still I am able to access chrome, skype.

Thanks & Regards
Santhoj Irulappan

On Fri, Oct 23, 2015 at 12:50 AM, Adonis Okpidi <adonisokpidi at ...2420...>
wrote:

> You can use 'drop' instead of 'alert'
>
> Best Regards,
> Adonis Okpidi
>
>
> On 22 Oct 2015, at 18:28, santhoj san <santhojirulappan at ...2420...> wrote:
>
> Hi, Can anyone help me in how to make a rule to drop the packets.
>
> Thanks & Regards
> Santhoj Irulappan
>
> On Thu, Oct 22, 2015 at 9:12 PM, Adam Ring <adam.ring at ...4072...>
> wrote:
>
>> Yea I just found out about the protocol-ftp rules.  Thanks.
>>
>>
>>
>> *From:* Joel Esler (jesler) [mailto:jesler at ...3865...]
>> *Sent:* Thursday, October 22, 2015 11:42 AM
>> *To:* Adam Ring
>> *Cc:* snort-sigs at lists.sourceforge.net
>> *Subject:* Re: [Snort-sigs] ftp rules
>>
>>
>>
>> Take a look at protocol-ftp.rules
>>
>> --
>>
>> *Joel Esler*
>>
>> Manager, Talos Group
>>
>> On Oct 22, 2015, at 8:55 AM, Adam Ring <adam.ring at ...4074...
>> <adam.ring at ...4072...>> wrote:
>>
>>
>>
>> Hi I am new to snort and was trying to create an ftp rule.  I have
>> downloaded the rules from the website, but in the ftp file there aren’t any
>> rules in there.  I was wondering if that was supposed to be empty and if it
>> is, is there a place where I can go to find some examples of ftp rules?
>>
>>
>>
>> *Adam Ring*
>>
>> IT Help Desk Technician
>>
>> Office 703.677.9540
>>
>>
>>
>> AOC Solutions <http://www.aocsolutions.com/> | Solutions That Pay®
>>
>>
>>
>> This e-mail and any attachments may contain confidential and privileged
>> information. If you are not the intended recipient, please notify the sender
>> immediately by return e-mail, delete this e-mail and attachments (if applicable)
>> and destroy any copies. Any dissemination or use of this information by a person
>> other than the intended recipient is unauthorized and strictly prohibited. You
>> may be subject to confidentiality restrictions in an existing contract with AOC
>> Solutions, Inc. As a result, you must protect the contents of this communication
>> according to such terms and conditions.
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>>
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>
>