No subject


Thu Nov 23 16:36:19 EST 2017


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS342/shellcode-LinuxCommonTCP"; flags: AP; content: "|90 90 90 e8 c0 ff ff ff|/bin/sh";)

To something like this:
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS342/shellcode-LinuxCommonTCP"; flags: AP; content: "|90 90 90 e8 c0 ff ff ff|/bin/sh"; severity: crit;)

Then you could sort messages easily and react to important ones.

Just a thought! :)

John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909
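A small parser for the proposed keyword, added here as an example and not part of the original message or of Snort itself: it splits a rule's option list (keeping a ';' inside the quoted content pattern from splitting the option), reads the severity value, and orders alerts so the crit ones come first. Snort's own rule language later gained the classtype and priority options for this purpose; the severity levels other than crit, and the two extra sample rules, are assumptions made for this example.

```python
# Severity ranking for the proposed keyword. Only "crit" appears in the
# original message; the other levels are assumed for this example.
SEVERITY_RANK = {"crit": 0, "high": 1, "med": 2, "low": 3}

# Constructed sample rules: the two from the message plus one assumed
# low-severity rule, so the sort has something to reorder.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS342/shellcode-LinuxCommonTCP"; '
    'flags: AP; content: "|90 90 90 e8 c0 ff ff ff|/bin/sh";)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: "example-http-get"; '
    'flags: AP; content: "GET /"; severity: low;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS342/shellcode-LinuxCommonTCP"; '
    'flags: AP; content: "|90 90 90 e8 c0 ff ff ff|/bin/sh"; severity: crit;)',
]


def split_options(option_text):
    """Split the text inside the rule parentheses into (key, value) pairs.

    Options are ';'-separated, but a ';' inside a quoted value (e.g. a
    content: "..." pattern) must not end the option, so quote state is
    tracked while scanning. Escaped quotes inside values are not handled.
    """
    opts, buf, in_quote = [], [], False
    for ch in option_text:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if "".join(buf).strip():
        opts.append("".join(buf))
    pairs = []
    for opt in opts:
        key, _, value = opt.strip().partition(":")
        pairs.append((key.strip(), value.strip().strip('"')))
    return pairs


def parse_rule(rule):
    """Return a dict with the rule header plus one entry per option.

    A rule repeating an option (several content: matches) keeps the last
    value; that is enough for reading msg and severity.
    """
    header, _, rest = rule.strip().partition("(")
    parsed = {"header": header.strip()}
    parsed.update(split_options(rest.rstrip().rstrip(")")))
    return parsed


def severity_rank(parsed_rule):
    """Sort key: unknown or missing severity sorts after every known level."""
    level = parsed_rule.get("severity", "").lower()
    return SEVERITY_RANK.get(level, len(SEVERITY_RANK))


def sort_by_severity(rules):
    """Parse the rules and return them most severe first (stable sort)."""
    return sorted((parse_rule(r) for r in rules), key=severity_rank)
```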
