<div dir="ltr">Hi, Can anyone help me in how to make a rule to drop the packets.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">Thanks & Regards<div>Santhoj Irulappan</div></div></div></div>
<br><div class="gmail_quote">On Thu, Oct 22, 2015 at 9:12 PM, Adam Ring <span dir="ltr"><<a href="mailto:adam.ring@...4072..." target="_blank">adam.ring@...4072...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yea I just found out about the protocol-ftp rules.  Thanks.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Joel Esler (jesler) [mailto:<a href="mailto:jesler@...3865..." target="_blank">jesler@...3865...</a>]
<br>
<b>Sent:</b> Thursday, October 22, 2015 11:42 AM<br>
<b>To:</b> Adam Ring<br>
<b>Cc:</b> <a href="mailto:snort-sigs@lists.sourceforge.net" target="_blank">snort-sigs@lists.sourceforge.net</a><br>
<b>Subject:</b> Re: [Snort-sigs] ftp rules<u></u><u></u></span></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Take a look at protocol-ftp.rules <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Lucida Grande","serif";color:black">--<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Lucida Grande","serif";color:black">Joel Esler</span></b><span style="font-family:"Lucida Grande","serif";color:black"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Lucida Grande","serif";color:black">Manager, Talos Group<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica Neue","serif";color:black"><u></u> <u></u></span></p>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Oct 22, 2015, at 8:55 AM, Adam Ring <<a href="mailto:adam.ring@...4072..." target="_blank">adam.ring@...4074...</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi I am new to snort and was trying to create an ftp rule.  I have downloaded the rules from the website, but in the ftp file there aren’t any rules in there.  I was wondering
 if that was supposed to be empty and if it is, is there a place where I can go to find some examples of ftp rules?<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#404040">Adam Ring</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#404040">IT Help Desk Techniction</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#404040">Office 703.677.9540<span> </span></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#404040"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="http://www.aocsolutions.com/" target="_blank">AOC Solutions</a><span><b><span style="color:#404040"> </span></b></span><span style="color:#404040">|
 Solutions That Pay®</span><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#404040"> </span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="http://www.aocsolutions.com/blog" target="_blank">Blog</a><span><span style="color:#404040"> </span></span><span style="color:#404040">|<span> </span></span><a href="http://www.aocsolutions.com/ap-payment-automation-video" target="_blank">Video</a><span><span style="color:#404040"> </span></span><span style="color:#404040">|<span> </span></span><a href="https://www.linkedin.com/company/139025?trk=tyah&trkInfo=clickedVertical%3Acompany%2Cidx%3A1-1-1%2CtarId%3A1436380782168%2Ctas%3Aaoc%20solutions" target="_blank">LinkedIn</a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#404040"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><a href="http://www.aocsolutions.com/about-aoc/aoc-in-the-news/aoc-named-top-workplace-by-washington-post" target="_blank"><i><span style="color:windowtext;text-decoration:none"><image001.png></span></i></a><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> <u></u><u></u></span></p>
</div>
<pre style="text-align:start;word-spacing:0px"><span style="font-size:9.0pt">This e-mail and any attachments may contain confidential and privileged<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">information. If you are not the intended recipient, please notify the sender<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">immediately by return e-mail, delete this e-mail and attachments (if applicable)<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">and destroy any copies. Any dissemination or use of this information by a person<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">other than the intended recipient is unauthorized and strictly prohibited. You<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">may be subject to confidentiality restrictions in an existing contract with AOC<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">Solutions, Inc. As a result, you must protect the contents of this communication<u></u><u></u></span></pre>
<pre><span style="font-size:9.0pt">according to such terms and conditions.<u></u><u></u></span></pre>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">------------------------------------------------------------------------------<br>
_______________________________________________<br>
Snort-sigs mailing list<br>
</span><a href="mailto:Snort-sigs@lists.sourceforge.net" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:purple">Snort-sigs@lists.sourceforge.net</span></a><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><br>
</span><a href="https://lists.sourceforge.net/lists/listinfo/snort-sigs" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:purple">https://lists.sourceforge.net/lists/listinfo/snort-sigs</span></a><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><br>
</span><a href="http://www.snort.org/" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:purple">http://www.snort.org</span></a><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><br>
<br>
<br>
Please visit<span> </span></span><a href="http://blog.snort.org/" target="_blank"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:purple">http://blog.snort.org</span></a><span><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""> </span></span><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">for
 the latest news about Snort!</span><u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div><div class="HOEnZb"><div class="h5">



<pre>
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the sender
immediately by return e-mail, delete this e-mail and attachments (if applicable)
and destroy any copies. Any dissemination or use of this information by a person
other than the intended recipient is unauthorized and strictly prohibited. You
may be subject to confidentiality restrictions in an existing contract with AOC
Solutions, Inc. As a result, you must protect the contents of this communication
according to such terms and conditions.</pre>
</div></div><br>------------------------------------------------------------------------------<br>
<br>_______________________________________________<br>
Snort-sigs mailing list<br>
<a href="mailto:Snort-sigs@lists.sourceforge.net">Snort-sigs@...639...forge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-sigs" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-sigs</a><br>
<a href="http://www.snort.org" rel="noreferrer" target="_blank">http://www.snort.org</a><br>
<br>
<br>
Please visit <a href="http://blog.snort.org" rel="noreferrer" target="_blank">http://blog.snort.org</a> for the latest news about Snort!<br></blockquote></div><br></div>