[Snort-users] simple rule to alert when visiting a website
maryandrews22 at ...11827...
Tue Nov 17 10:49:50 EST 2009
Forgive us, but we are evaluating the software and we are now learning it
OK, I suppose you can call us newbies.
we are trying to write simple rules, we have had some success so far,
a little at a time, we are now trying to write a small rule to alert if
is visiting a specific site, say www.ebay.com
so far we have this in a file called testing.rules.
alert icmp any any -> any any (msg:"$$$$$TESTING rule$$$$$"; sid:1000001;)
its rudimentary, we know, but its working ok. before we uncomment the
config and include
a bigger set of rules, we want to regresstion test them in their simplest
if someone replies, and since I am not 100% sure how this list works yet,
could you please copy me here? maryandrews22 at ...11827...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users