[Snort-users] Making snort smarter...

Jason Haar Jason.Haar at ...294...
Tue Apr 29 02:00:04 EDT 2003


Paul Schmehl wrote:
> For the specific example you give I think it would be entirely 
> appropriate to create a var called "$IIS_SERVERS" and then put all the 
> *other* webservers under $HTTP_SERVERS.  I've suggested this before, and 
> I'd love to see it implemented in the rules, because IIS is a beast unto 
> itself.

Good idea - but as all IIS rules are within web-iis.rules, why not just 
script a rewrite?

echo "var IIS_SERVERS [1.2.3.4/32,2.3.4.1/32]"
sed 's/HTTP_SERVERS/IIS_SERVERS/g' web-iis.rules


Jason





More information about the Snort-users mailing list