Snort mailing list archives
Re: Snort on WindowsXP
From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 6 Jul 2013 16:37:26 -0400
You might want to explain to him how this converts to Windows :)

---------\
grep -i -E "shellcode" /path/to/your/rules/*.rules
---------/

Best regards,
Michael...

WINSNORT.com Management
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com *
* ~~ FREE WinIDS Snort installation guides ~~ *
* ~~ FREE support forums ~~ *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Saturday, July 06, 2013 9:21 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort on WindowsXP

On 7/6/2013 02:19, MCLEOD, DONNIE wrote:
Hi Snort users, can someone help with code alert for Snort to detect shell code on the above conf. Snort is run in IDS mode using the following command line:
snort -c C:\snort\etc\snort.conf -l C:\snort\log -i 1
I am trying to get the IDS to trigger an alert on detection, thanks.
is this a school assignment?
there are already (139) existing shellcode related rules available... do
they not fit your needs?
grep -i -E "shellcode" /path/to/your/rules/*.rules
--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
----------------------------------------------------------------------------
--
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort
news!
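Added example, not part of the original thread or written by its participants: a Python version of the grep search above that runs the same way on Windows and Linux and also reports each matching rule's SID and whether the rule is enabled or commented out. It assumes Python is installed on the Snort host; the sample rules, their SIDs and the `C:\snort\rules` path in the usage comment are constructed for illustration.

```python
import glob
import re
import sys

# A rule line, optionally commented out ("# alert ...") which means disabled.
RULE_RE = re.compile(r'^\s*(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s')
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')

# Constructed sample rules (not from any real rule set), SIDs in the local range.
SAMPLE = [
    '# Constructed comment that mentions shellcode but is not a rule',
    'alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"SHELLCODE constructed '
    'sample one"; content:"|90 90 90 90 90 90|"; sid:1000001; rev:1;)',
    '# alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"SHELLCODE constructed '
    'sample two"; content:"|43 43 43 43 43 43|"; sid:1000002; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"WEB constructed unrelated sample"; '
    'content:"/test"; sid:1000003; rev:1;)',
]


def find_rules(lines, keyword="shellcode"):
    """Return (sid, enabled, msg) for each rule line containing keyword."""
    hits = []
    for line in lines:
        rule = RULE_RE.match(line)
        if not rule or keyword.lower() not in line.lower():
            continue  # same case-insensitive match as grep -i, rules only
        sid, msg = SID_RE.search(line), MSG_RE.search(line)
        hits.append((int(sid.group(1)) if sid else None,
                     rule.group("off") is None,
                     msg.group(1) if msg else ""))
    return hits


def scan(pattern, keyword="shellcode"):
    """Apply find_rules to every file matching a glob pattern."""
    results = []
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8", errors="replace") as fh:
            results += [(path,) + hit for hit in find_rules(fh, keyword)]
    return results


if __name__ == "__main__":
    # Usage: script.py "C:\snort\rules\*.rules" (the path is an assumption)
    found = (scan(sys.argv[1]) if len(sys.argv) > 1
             else [("<sample>",) + h for h in find_rules(SAMPLE)])
    for path, sid, enabled, msg in found:
        print(f"{path}\tsid={sid}\t{'enabled' if enabled else 'DISABLED'}\t{msg}")
    print(f"{len(found)} matching rule(s), {sum(1 for f in found if f[2])} enabled")
```

A rule that matches the keyword but is listed as DISABLED will never alert until the leading `#` is removed and Snort is restarted.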
