[Snort-users] Writing rules

Patrice.Arnal at ...4604... Patrice.Arnal at ...4604...
Mon Jun 2 01:16:02 EDT 2003


Using Snort 1.6 to 1.9 , the following rules triggered fine :

alert tcp any any -> any 80 (msg:"INFO WEB-MISC Domino da50.nsf 
access";flags: A+;content:"/da50.nsf";)
alert tcp any any -> any 80 (msg:"WEB-MISC Lotus Notes da50.nsf access"; 
flow:to_server,established; uricontent:"/da50.nsf"; 
classtype:web-application-attack; sid:2065; rev:1;)

Since Snort2.0 they no more trigger 


More information about the Snort-users mailing list