[Snort-users] Rule opinions
slave_tothe_box at ...131...
Tue Jun 24 06:07:00 EDT 2003
So ok...I have udp port 135 block anyways, but I
wanted to see if this would fly...so far this hasn't
seemed to work:
alert udp $EXTERNAL_NET any -> $HOME_NET 135
(msg:"Popup Spam Attempt"; content:"|F8 91 7B 5A 00 FF
D0 11 A9 B2 00 C0 4F B6 E6 FC|";)
The content is from:
Any ideas why this won't fly? The firewall using
iptables and snort are on the same box. Thanks!
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
More information about the Snort-users