[Snort-users] simple rule to alert when visiting a website

mary andrews maryandrews22 at ...11827...
Tue Nov 17 10:49:50 EST 2009


Forgive us, but we are evaluating the software and we are now learning it too.
OK, I suppose you can call us newbies.


We are trying to write simple rules. We have had some success so far,
a little at a time. We are now trying to write a small rule to alert if
someone is visiting a specific site, say www.ebay.com.

So far we have this in a file called testing.rules:

# testing.rules
alert icmp any any -> any any (msg:"$$$$$TESTING rule$$$$$"; sid:1000001;)

It's rudimentary, we know, but it's working OK. Before we uncomment the
config and include a bigger set of rules, we want to regression test them
in their simplest form.

If someone replies, and since I am not 100% sure how this list works yet,
could you please copy me here? maryandrews22 at ...11827...

many thanks,
m
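
The kind of rule asked about above, as an added example that is not part of the original post: one rule matching the HTTP Host header and one matching the DNS lookup for the name. The SIDs are constructed local values, and the rules assume $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are defined in snort.conf and that the stream and http_inspect preprocessors are enabled.

```snort
# testing.rules (added example; SIDs 1000002 and 1000003 are constructed local SIDs)
# Assumes $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are set in snort.conf.
# flow: needs the stream preprocessor; http_header needs http_inspect.

# HTTP: match the Host header of a client request to the site.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"TESTING HTTP request to www.ebay.com"; flow:to_server,established; content:"Host|3A| www.ebay.com"; nocase; http_header; sid:1000002; rev:1;)

# DNS: match the query for the name. A lookup normally precedes an HTTPS
# visit too, where the Host header is encrypted and the rule above cannot fire.
# DNS encodes a name as length-prefixed labels: 3 "www", 4 "ebay", 3 "com", 0.
alert udp $HOME_NET any -> any 53 (msg:"TESTING DNS query for www.ebay.com"; content:"|03|www|04|ebay|03|com|00|"; nocase; sid:1000003; rev:1;)
```

The first rule fires only on plaintext HTTP; the second fires once per lookup, so a cached answer on the client produces no alert.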