[Snort-users] Issue while detecting patterns in a simple HTTP Page [Web client based]
thesujit at ...11827...
Sun Nov 21 13:59:23 EST 2010
I have installed Snort v2.8.x in FC-13//Ubuntu v10.10 and everything got
installed/configured (installed through Redhat Package Manager//Synaptic
Package Manager) successfully. But while writing a rule to detect a simple
pattern inside HTML body, snort is failing to do so! If I check for the HTTP
MIME headers only i.e. "Content-Type:", "Via:" etc. then snort detects those
patterns flawlessly. Even I wrote a simple rule to detect GET requests over
$HTTP_PORTS and its working fine.
But while it comes to check for the contents inside the HTML body (client
side web pages) entity then snort is not even detecting a single <html> tag.
I guess, its an issue with any preprocessors, but I have no idea that which
preprocessor could be creating such issues.
I am fully stuck in that place and not able to figure out that how I should
fix this silly problem.
Please help. Any help would be more appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users