Home page logo

snort logo Snort mailing list archives

From: tarik shalo <tarikshalo () gmail com>
Date: Sat, 4 May 2013 14:46:38 +0300


I wrote the following rule to test if Snort fires when any executable files
are downloaded. However, the rule is not firing for some reason. Any help
or other option to accomplish the same goal, pls?

alert any any -> any any (msg: ".exe found"; flow:to_server,established;
content:".exe"; nocase;classtype:policy-violation;sid:10000056;rev:1; )

Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]