[Snort-users] Easy web-server protection?

twig les twigles at ...131...
Wed Jan 29 10:56:06 EST 2003


You are describing a host-based firewall.  That is not
what snort is.  You can alternatively check out the
intrusion prevention thread from this list a few
months ago.  That went into some detail regarding host
protection and even named some urls/products.

--- velbloud <velbloud at ...131...> wrote:
> Hi guys,
> I was just wondering, if it was possible to install
> SNORT on a machine running Apache web-server and
> have
> it DROP or REJECT those packets containing cmd.exe,
> FFFFF, BBBBBB and whatever other crap. I am a newbie
> to the whole thing and I was playing with the SNORT
> a
> bit, but couldn't get it to refuse those packets. It
> did log them, but they still made it to the
> web-server.
> 
> I am using the standart installation and .conf files
> and I just tried to add a rule to the local.rules:
> 
> alert tcp any any -> 192.168.1.10/32 80 (msg:
> "no-way"; content: "cmd.exe";nocase; react:
> block,msg;)
> 
> but I guess I didn't get it right. Is anything like
> that possible at all? My server is behind a firewall
> so I am not really worried about the flag states
> etc.
> Do I have to use any of the MySQL setups? I want to
> keep it simple.
> 
> Any suggestions are greatly appreciated.
> Thanks.
> Libor
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
> 
> 
>
-------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld =
> Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




More information about the Snort-users mailing list