Is my Snort rule correct?

Discussion in 'other security issues & news' started by lunarlander, May 7, 2013.

Thread Status:
Not open for further replies.
  1. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    326
    Hi,

    I have made a Snort rule to detect the words "top secret":

    alert tcp any any -> any 80 (msg: "top secret"; content: "top secret"; nocase'; SID: 99999; )

    Is the rule correct? I don't get any alert when I type "top secret" into google.
     
  2. biscuitdh

    biscuitdh Registered Member

    Joined:
    May 9, 2013
    Posts:
    1
    Location:
    USA
    I'd try 443 also.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    A good website to sort out SNORT rules w/fwsnort is at CipherDyne - fwsnort.

    You may not be using fwsnort, but you could certainly ask the author of the Linux Firewalls book and the tool fwsnort at that website about your snort rule.

    -- Tom
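
Added example (not part of the thread and not any poster's code): a small Python check that splits the rule quoted in the first post into its options, flags option keywords outside a short assumed list and a sid below the local-rule range, and emulates a plain `content` match on two constructed payloads. The names `lint_rule`, `split_options` and `content_matches`, the `CLEANED` rule and both sample payloads are assumptions made for illustration.

```python
import re

# Option keywords the thread's rule uses, plus rev; not Snort's full keyword list.
KNOWN_OPTIONS = {"msg", "content", "nocase", "sid", "rev"}
HEADER = re.compile(r"^\s*\w+\s+\w+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s*\((.*)\)\s*$")

def split_options(body):
    """Split the option section on ';', ignoring any ';' inside double quotes."""
    opts, cur, quoted = [], "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    opts.append(cur.strip())
    return [o for o in opts if o]

def lint_rule(rule):
    """Return the problems found in a single-line Snort 2 rule (empty list if none)."""
    m = HEADER.match(rule)
    if not m:
        return ["rule header or parentheses malformed"]
    problems, seen = [], {}
    for opt in split_options(m.group(1)):
        name, _, value = (part.strip() for part in opt.partition(":"))
        if name.lower() not in KNOWN_OPTIONS:  # keyword case is not judged here
            problems.append(f"unknown option keyword {name!r}")
        seen[name.lower()] = value
    sid = seen.get("sid", "")
    if not sid.isdigit():
        problems.append("missing or non-numeric sid")
    elif int(sid) < 1_000_000:  # the Snort manual assigns >= 1,000,000 to local rules
        problems.append("sid below 1000000 is outside the range for local rules")
    return problems

def content_matches(pattern, payload, nocase=False):
    """Emulate a plain content match: a byte search over the raw payload."""
    if nocase:
        pattern, payload = pattern.lower(), payload.lower()
    return pattern in payload

POSTED = 'alert tcp any any -> any 80 (msg: "top secret"; content: "top secret"; nocase\'; SID: 99999; )'
CLEANED = 'alert tcp any any -> any 80 (msg:"top secret"; content:"top secret"; nocase; sid:1000001; rev:1;)'
# Constructed client-to-port-80 payloads: a search URL encodes the space, a text body does not.
GET_REQ = b"GET /search?q=top+secret HTTP/1.1\r\nHost: example.test\r\n\r\n"
POST_REQ = b"POST /notes HTTP/1.1\r\nHost: example.test\r\n\r\nTop Secret draft"
```

On the constructed GET request the match fails because the query string carries `top+secret` rather than a literal space, while the plain-text POST body matches with `nocase`.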
     