[Snort-users] no alerts on the dos screen

mary andrews maryandrews22 at ...11827...
Tue Nov 17 14:04:07 EST 2009


# testing.rules
alert icmp any any -> any any (msg:"$$$$$TESTING rule$$$$$"; sid:1000001;)
alert tcp any any -> any any (msg:"test ebay rule";
flow:to_server,established; content:"ebay.com"; nocase; sid:10000002;
rev:1;)
--------

See, if we ping any  host, we get the $$$$$TESTING rule$$$$$  message on the
dos screen.

But if we visit www.ebay.com from our browser, we dont get to see any alerts
on the dos screen.


please, very please?

thanks,
m
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091117/168fda8e/attachment.html>


More information about the Snort-users mailing list