www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

SNORT rule does not work!

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Snort IDS
View previous topic :: View next topic  
Author Message
pink-hat



Joined: 24 Jun 2017
Posts: 2

PostPosted: Sat Jun 24, 2017 12:31 am    Post subject: SNORT rule does not work! Reply with quote

hello


I have a problem.
I do these steps of snort for adjusting rule. (with Kali version in vmware)


1. cd /etc/snort/rules
2. sudo nano twitter.rules
3. reject tcp any any -> any any (content:"www.twitter.com";msg:"Block lists";sid:1000001; )
4. sudo nano /etc/snort/snort.conf
5. Add --> include $RULE_PATH/twitter.rules
6. sudo snort -A console -i eth0 -c /etc/snort/snort.conf -l /var/log/snort -K ascii


after this steps , I received this message "commencing packet processing"
but when I want to open twitter site , sometimes this site does not open but sometimes open!
and also the msg for rule does not appear!


I want to know why I can't block the site and get this message?!


thanks
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Snort IDS All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group