[Snort-users] Snort rule Facebook Block

anvin igcar avigcar at ...11827...
Tue Feb 15 04:01:02 EST 2011


I want to block the INTERNAL NETWORK from viewing anything on
www.youtube.com website.

I've configured snort in the IDS mode.
and I execute it this way

[root at ...15114... ~]# snort -dQ -c /etc/snort/snort.conf -l /var/log/snort -A
console --daq dump

1) pass tcp any any -> any any (content:"www.youtube.com"; msg:"You are
BLOCKED...."; sid:9991111; rev:1;)

2) drop tcp any any -> any any (content:"www.youtube.com"; msg:"You are
BLOCKED...."; sid:9991112; rev:1;)

These rules are not blocking me from visiting the www.youtube.com website.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110215/99421596/attachment.html>


More information about the Snort-users mailing list