Re: snort signature help ..?
From: donnie (donnie_at_queyosepa.org)
Date: 01/23/05
- Next message: fritz-bayer_at_web.de: "Re: Windows 2000 F-Secure and Kaspersky / No read permissions"
- Previous message: donnie: "Re: NEtworking question -- Somewhat off toipic"
- In reply to: al: "snort signature help ..?"
- Next in thread: al: "Re: snort signature help ..?"
- Reply: al: "Re: snort signature help ..?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 23 Jan 2005 20:28:09 GMT
On Sun, 23 Jan 2005 14:19:38 GMT, "al" <{ask_me}@blueyonder.co.uk>
wrote:
>I've being looking through the snort help pages to see if I can create a
>rule to detect certain code fragments in HTML code. I'm still not sure it's
>possible as what I'd effectively be asking snort to do is piece together all
>the packets and inspect the completed file.
>
>For example, maybe I want an alert when one single HTML page contains the
>words FRED, ALICE and JOHN together. Is such a thing possible at all?
>
>Perhaps a layer 7 firewall such as MS ISA is more suited to this type of
>inspection. Any comments appreciated.
>
>
>
>
>a
>
#######################
I just installed snort on FreeBSD just to see what you were asking.
It appears that what you want to do can be done although I cant give
you the syntax just yet. It the meantime, take a look at:
http://www.snort.org/docs/snort_manual/node14.html
donnie.
- Next message: fritz-bayer_at_web.de: "Re: Windows 2000 F-Secure and Kaspersky / No read permissions"
- Previous message: donnie: "Re: NEtworking question -- Somewhat off toipic"
- In reply to: al: "snort signature help ..?"
- Next in thread: al: "Re: snort signature help ..?"
- Reply: al: "Re: snort signature help ..?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
