[Snort-users] file upload detection.

Rajeev Kapoor raj_kap99 at ...131...
Thu Apr 15 11:26:32 EDT 2004

Hi snorters
i am new to snort. i would like to write the rule that can alert me whenever any user from local intranet is uploading a file with extension , say, .zip  .. one obvious way is to look for .zip in content of packets. but the problem is that let say some user searches for "download music.zip " then it will match the rule. i just want that snort should alert whenever someone is uploading zip file...the soltion could be to monitor the entire session and if http post request contains ".zip" file then it should alert. 
i want the above desired rule to be written for http,ftp and smtp.
any idea???
rajeev kapoor
raj_kap99 at ...131...

Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040415/b63cb72d/attachment.html>

More information about the Snort-users mailing list