[Snort-users] blocking packets with snort 1.7
robertg at ...970...
Fri Jan 26 09:32:56 EST 2001
I would like to deny the downloading of a massive file from a web server
on my network. I have tried the following rule without success. In fact,
when I add the "resp: rst_all;" rule option snort will not even start
up. It's my understanding that this option will send TCP_RST packets in
alert tcp $EXTERNAL_NET any -> a.b.c.d 80 (msg:"Massive file
download";flags:PA; content:".exe"; nocase; resp: rst_all;)
Any help would be truely appreciated.
More information about the Snort-users