Home page logo
/

snort logo Snort mailing list archives

Rule to detect search engines
From: Borja Luaces <borja.luaces () gmail com>
Date: Mon, 1 Jul 2013 13:20:36 +0200

Hello all,

I am updating some rules to detect phishing sites against our customer and
I was wondering if someone has created a rule set to "disable" search
engine impacts.

I was firstly thinking about adding to each rule some pcre, one for each
mayor search engine (google, bing, yahoo,...) but I think this is nonsense.

As second option I though about creating a white list but I have no access
to create it, I am only allowed to create rules.

Any other idea?

thanks for your time,

-- 
Borja Luaces Altares
Junior malware analyst (MCSE Security,C|EH & CSSA)
Information Systems Security Officer
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]