[Snort-users] test string not alerting

Sean sean.barmettler at ...11827...
Thu Aug 27 15:04:48 EDT 2015


I can do a simple ICMP alert that works:
alert icmp any any -> 20.1.1.10 any ( msg: "ICMP packet to high value target!"; sid: 1; rev:1; priority: 1;)

Yet I can't create a simple text string detector to detect HTML strings:
alert tcp any any <> any any (msg:"somebody farted"; content:"poop"; sid: 2; rev:2; priority: 1;)


I wouldn't waste a mailing list's time with this, but I've set up an entire
ESXi lab with routers, switches, security monitors, and THIS.. THIS is what
is stumping me.

hints/clues/suggestions welcome.

thanks.

Sean