[Snort-users] Snort Newbie

Jason Withrow jwithrow at ...422...
Sat Sep 15 23:40:02 EDT 2001


Hi,  I just installed the 1.8 win32 build of Snort on a win2k Server.
 
I am having a difficult time getting the rule sets to work.
 
I think that I don't have the rules set up properly.
Do I need to define $INTERNAL and $EXTERNAL as ip/ports somewhere?
 
This is just for my home box.
 
Here is the sample rule I am trying to get to work.
 
alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS552/web-iis_IIS ISAPI
Overflow ida"; dsize: >239; flags: A+; uricontent: ".ida?"; classtype:
system-or-info-attempt; reference: arachnids,552;)
 
Thanks for any help, it is greatly appreciated.
 
- Jwatch