[Snort-users] Snort on WindowsXP

waldo kitty wkitty42 at ...14940...
Sat Jul 6 09:20:41 EDT 2013


On 7/6/2013 02:19, MCLEOD, DONNIE wrote:
> Hi Snort users, can someone help with code alert for Snort to detect shell code
> on the above conf Snort is run in IDS mode using the following command line;
> snort -c C:\snort\etc\snort.conf -l C:\snort\log -i 1
>
> I am trying to get the IDS to trigger an alert on detection, thanks.

is this a school assignment?

there are already (139) existing shellcode related rules available... do they 
not fit your needs?

grep -i -E "shellcode" /path/to/your/rules/*.rules

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
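
Added example, not part of the original thread: a keyword grep over the rules directory also matches commented-out (disabled) rules and plain comment lines, so this script lists the matching rules and shows which ones Snort will actually load. The sample rules, their SIDs, the file name local.rules and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# A rule line starts with an action; disabled rules ship commented out ("# alert ...").
RULE_RE = re.compile(r"^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop)\s+\S+\s", re.I)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"')

# Constructed sample rules file (not taken from any real rule set).
SAMPLE = """\
# shellcode rules for the lab
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"SHELLCODE constructed NOOP sled"; content:"|90 90 90 90 90 90|"; classtype:shellcode-detect; sid:1000001; rev:1;)
# alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"SHELLCODE constructed disabled rule"; content:"|90 90 90 90|"; classtype:shellcode-detect; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"WEB constructed unrelated rule"; content:"GET"; sid:1000003; rev:1;)
"""

def find_rules(rules_dir, keyword="shellcode"):
    """Return every rule in *.rules mentioning keyword, flagged enabled or disabled."""
    hits = []
    for path in sorted(Path(rules_dir).glob("*.rules")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            m = RULE_RE.match(line)
            if not m or keyword.lower() not in line.lower():
                continue  # plain comments and unrelated rules are skipped
            sid, msg = SID_RE.search(line), MSG_RE.search(line)
            hits.append({
                "file": path.name, "line": lineno,
                "enabled": m.group(1) is None,  # no leading "#"
                "sid": int(sid.group(1)) if sid else None,
                "msg": msg.group(1) if msg else "",
            })
    return hits

def summarize(hits):
    """Count matching rules by state."""
    enabled = sum(1 for h in hits if h["enabled"])
    return {"total": len(hits), "enabled": enabled, "disabled": len(hits) - enabled}

def demo():
    """Run the scan over the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "local.rules").write_text(SAMPLE, encoding="utf-8")
        return find_rules(d)

if __name__ == "__main__":
    hits = demo()
    for h in hits:
        print("ON " if h["enabled"] else "OFF", h["file"], h["sid"], h["msg"])
    print(summarize(hits))
```

To scan a real installation, call find_rules() with the directory that holds the .rules files. Rules split across lines with a trailing backslash are not joined by this sketch.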



