[Snort-users] Easy web-server protection?

velbloud velbloud at ...131...
Wed Jan 29 10:37:06 EST 2003


Hi guys,
I was just wondering, if it was possible to install
SNORT on a machine running Apache web-server and have
it DROP or REJECT those packets containing cmd.exe,
FFFFF, BBBBBB and whatever other crap. I am a newbie
to the whole thing and I was playing with the SNORT a
bit, but couldn't get it to refuse those packets. It
did log them, but they still made it to the
web-server.

I am using the standart installation and .conf files
and I just tried to add a rule to the local.rules:

alert tcp any any -> 192.168.1.10/32 80 (msg:
"no-way"; content: "cmd.exe";nocase; react:
block,msg;)

but I guess I didn't get it right. Is anything like
that possible at all? My server is behind a firewall
so I am not really worried about the flag states etc.
Do I have to use any of the MySQL setups? I want to
keep it simple.

Any suggestions are greatly appreciated.
Thanks.
Libor

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




More information about the Snort-users mailing list