[Snort-users] Tracing certain file requests ...
security at ...9153...
Mon May 12 06:50:02 EDT 2003
Could some help me here ... im trying to keep tabs on specific binary files
through Snort and would like to log when the cross the network, to write a
rule for this Im attempting to hexdump the contents of the file out but how
would the rule be setup? Does this stuff work effectively if say I only
took the 1st 100 bytes of all traffic?
Thanks in advance.
More information about the Snort-users