[Snort-users] Snort on WindowsXP

Michael Steele michaels at ...9077...
Sat Jul 6 16:37:26 EDT 2013


You might want to explain to him how this converts to Windows :)

---------\
grep -i -E "shellcode" /path/to/your/rules/*.rules
---------/
Best regards,
Michael...

WINSNORT.com Management

--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...] 
Sent: Saturday, July 06, 2013 9:21 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort on WindowsXP

On 7/6/2013 02:19, MCLEOD, DONNIE wrote:
> Hi Snort users, can someone help with code alert for Snort to detect 
> shell code on the above conf Snort is run in IDS mode using the 
> following command line; snort -c C:\snort\etc\snort.conf -l 
> C:\snort\log -i 1
>
> I am trying to get the IDS to trigger an alert on detection, thanks.

is this a school assignment?

there are already (139) existing shellcode related rules available... do
they not fit your needs?

grep -i -E "shellcode" /path/to/your/rules/*.rules

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
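
A Windows counterpart of the grep command in the messages above, as an added example that is not part of either message: a PowerShell script that finds the shellcode-related rules and reports whether each one is enabled or commented out. The rules directory `C:\snort\rules` and the parameter names are assumptions; the page only gives `C:\snort\etc\snort.conf` and `C:\snort\log`.

```powershell
# Added example, not from the original thread.
# PowerShell counterpart of:  grep -i -E "shellcode" /path/to/your/rules/*.rules
# Plain cmd.exe equivalent:   findstr /i "shellcode" C:\snort\rules\*.rules
# ASSUMPTION: rules live in C:\snort\rules; change -RulesDir for your install.
param(
    [string]$RulesDir = 'C:\snort\rules',
    [string]$Pattern  = 'shellcode'
)

# Select-String is case-insensitive by default, which matches grep -i.
$hits = Select-String -Path (Join-Path $RulesDir '*.rules') -Pattern $Pattern

$report = foreach ($hit in $hits) {
    $line = $hit.Line.Trim()

    # Keep only real rule lines; a leading '#' means the rule is disabled.
    $isRule = $line -match '^(#\s*)?(alert|log|pass|activate|dynamic|drop|reject|sdrop)\s'
    if (-not $isRule) { continue }

    # Pull out the sid and msg options so the output is readable.
    $sid = if ($line -match 'sid\s*:\s*(\d+)')      { $Matches[1] } else { '' }
    $msg = if ($line -match 'msg\s*:\s*"([^"]*)"')  { $Matches[1] } else { '' }

    New-Object PSObject -Property @{
        File    = $hit.Filename
        Enabled = -not $line.StartsWith('#')
        Sid     = $sid
        Msg     = $msg
    }
}

$report | Sort-Object File, Sid |
    Format-Table File, Enabled, Sid, Msg -AutoSize

# Summary: disabled (commented-out) rules are never loaded by Snort.
$total   = @($report).Count
$enabled = @($report | Where-Object { $_.Enabled }).Count
Write-Output ("{0} matching rules, {1} enabled, {2} commented out" -f `
    $total, $enabled, ($total - $enabled))
```

A rule listed with `Enabled` false will not alert until its leading `#` is removed and the rules file it lives in is referenced by an `include` line in `snort.conf`.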
