[Snort-users] Rule to detect search engines
borja.luaces at ...11827...
Mon Jul 1 07:20:36 EDT 2013
I am updating some rules to detect phishing sites against our customer and
I was wondering if someone has created a rule set to "disable" search
I was firstly thinking about adding to each rule some pcre, one for each
mayor search engine (google, bing, yahoo,...) but I think this is nonsense.
As second option I though about creating a white list but I have no access
to create it, I am only allowed to create rules.
Any other idea?
thanks for your time,
Borja Luaces Altares
Junior malware analyst (MCSE Security,C|EH & CSSA)
Information Systems Security Officer
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users