[Snort-users] Rule to detect search engines

Borja Luaces borja.luaces at ...11827...
Mon Jul 1 07:20:36 EDT 2013


Hello all,

I am updating some rules to detect phishing sites against our customer and
I was wondering if someone has created a rule set to "disable" search
engine impacts.

I was firstly thinking about adding to each rule some pcre, one for each
mayor search engine (google, bing, yahoo,...) but I think this is nonsense.

As second option I though about creating a white list but I have no access
to create it, I am only allowed to create rules.

Any other idea?

thanks for your time,

-- 
Borja Luaces Altares
Junior malware analyst (MCSE Security,C|EH & CSSA)
Information Systems Security Officer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130701/2f6bd8b9/attachment.html>


More information about the Snort-users mailing list