[Snort-users] Rule opinions

James Nonya slave_tothe_box at ...131...
Tue Jun 24 06:07:00 EDT 2003


So ok...I have udp port 135 block anyways, but I
wanted to see if this would fly...so far this hasn't
seemed to work:

alert udp $EXTERNAL_NET any -> $HOME_NET 135
(msg:"Popup Spam Attempt"; content:"|F8 91 7B 5A 00 FF
D0 11 A9 B2 00 C0 4F B6 E6 FC|";)

The content is from:
http://www.mynetwatchman.com/kb/security/articles/popupspam/netsend.htm

Any ideas why this won't fly?  The firewall using
iptables and snort are on the same box.  Thanks!

James

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com




More information about the Snort-users mailing list