Hosting Provided By

[Snort-sigs] Facing problem with react keyword.!

From: parikshit <parikshit(at)elitecore.com>
Date: Sat Mar 15 2003 - 01:44:05 EST

Hello ,

I am facing problem with react keyword . I want to block TCP connection depending on certain keywords in contents. I have prepared a content-list file and I think it is okay.

I want to block sites that have certain keywords in the content.

I am writting rule as follows ..

alert tcp $HOME_NET any -> $EXTERNAL_NET any (content-list:"contentfile.txt";msg:"content list rule violated.Co nection blocked..";react:block,msg;)

HOME_NET is the internal physical network. EXTERNAL_NET is the external world.
contentfile.txt is a collection of words one per line that I am looking in the packets for !

The rule is not working as I expact. The alerts are generated . but the TCP connections doesn't seems to be blocked..

What should I do ?

Do you need help?

rgds
-Parikshit

This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Sat Mar 15 02:37:14 2003

This message: [ Message body ]
Next message: parikshit: "[Snort-sigs] Probelm with react and resp keywords"
Previous message: parikshit: "[Snort-sigs] problem with react keyword"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:25 EDT