[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] Alert packet from Dark Web.
From: Dave Osbourne <dave () osbourne ! uk ! eu ! org>
Date: 2020-03-23 15:20:27
Message-ID: c89e2fd8-38bc-596f-4161-5dc914b7e902 () osbourne ! uk ! eu ! org
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Sorry I know that this doesn't help, but I just read this and in the
moment of that's going on the world had a little laugh...
Presumably, Michael, you meant
"/... would make life so much easier if they would just be RFC
3514-compliant //*(;*///"
in which case LOL!
D
On 2020-03-23 14:44, Michael Altizer (mialtize) via Snort-users wrote:
> It would make life so much easier if they would just be RFC
> 3514-compliant.
>
> On 3/22/20 12:36 PM, Joel Esler (jesler) via Snort-users wrote:
>> Largely I would say what you’re trying to do is rather impossible.
>> You need to identify /what/ you want to look for with a content
>> match. Looking for things from the “dark web” is just as big as
>> looking for things on the “non-dark” web.
>>
>> Sent from my iPad
>>
>>> On Mar 21, 2020, at 11:28, Junting Lai via Snort-users
>>> <snort-users@lists.snort.org> wrote:
>>>
>>> Hi,
>>>
>>> Can I just write a tcp snort rules to alert the dark net traffic
>>> which may come from Dark web? What should I really need to write in
>>> “content” in the rule.
>>>
>>> Thanks in advance.
>>>
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users@lists.snort.org
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.snort.org/mailman/listinfo/snort-users
>>>
>>> To unsubscribe, send an email to:
>>> snort-users-leave@lists.snort.org
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>> Please follow these rules:
>>> https://snort.org/faq/what-is-the-mailing-list-etiquette
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users@lists.snort.org
>> Go to this URL to change user options or unsubscribe:
>> https://lists.snort.org/mailman/listinfo/snort-users
>>
>> To unsubscribe, send an email to:
>> snort-users-leave@lists.snort.org
>>
>> Please visithttp://blog.snort.org to stay current on all the latest Snort news!
>>
>> Please follow these rules:https://snort.org/faq/what-is-the-mailing-list-etiquette
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> To unsubscribe, send an email to:
> snort-users-leave@lists.snort.org
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Sorry I know that this doesn't help, but I just read this and in the
moment of that's going on the world had a little laugh...<br>
<br>
Presumably, Michael, you meant <br>
<br>
"<font color="#0000ff"><i>... would make life so much easier if
they would just be RFC 3514-compliant </i><i><b><font \
size="+2">(;</font></b></i><i> </i></font>"<br>
<br>
<div class="moz-cite-prefix">in which case LOL!<br>
<br>
D<br>
<br>
On 2020-03-23 14:44, Michael Altizer (mialtize) via Snort-users
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:56590ee5-f018-f884-d6b5-6baf21c21151@cisco.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div class="moz-cite-prefix">It would make life so much easier if
they would just be RFC 3514-compliant.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 3/22/20 12:36 PM, Joel Esler
(jesler) via Snort-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:EBFD9615-293A-452A-95E9-A91E35842A11@cisco.com">
Largely I would say what you’re trying to do is rather
impossible. You need to identify
<i>what</i> you want to look for with a content match. Looking
for things from the “dark web” is just as big as looking for
things on the “non-dark” web.<br>
<br>
<div dir="ltr">Sent from my <span style="background-color:
rgba(255, 255, 255, 0);"> </span>iPad</div>
<div dir="ltr"><br>
<blockquote type="cite">On Mar 21, 2020, at 11:28, Junting Lai
via Snort-users <a class="moz-txt-link-rfc2396E"
href="mailto:snort-users@lists.snort.org"
moz-do-not-send="true">
<snort-users@lists.snort.org></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr"><span>Hi,</span><br>
<span></span><br>
<span>Can I just write a tcp snort rules to alert the dark
net traffic which may come from Dark web? What should I
really need to write in “content” in the rule.</span><br>
<span></span><br>
<span>Thanks in advance.</span><br>
<span></span><br>
<span></span><br>
<span>_______________________________________________</span><br>
<span>Snort-users mailing list</span><br>
<span><a class="moz-txt-link-abbreviated"
href="mailto:Snort-users@lists.snort.org"
moz-do-not-send="true">Snort-users@lists.snort.org</a></span><br>
<span>Go to this URL to change user options or unsubscribe:</span><br>
<span><a class="moz-txt-link-freetext"
href="https://lists.snort.org/mailman/listinfo/snort-users"
moz-do-not-send="true">https://lists.snort.org/mailman/listinfo/snort-users</a></span><br>
<span></span><br>
<span> To unsubscribe, send an email to:</span><br>
<span> <a class="moz-txt-link-abbreviated"
href="mailto:snort-users-leave@lists.snort.org"
moz-do-not-send="true">snort-users-leave@lists.snort.org</a></span><br>
<span></span><br>
<span>Please visit <a class="moz-txt-link-freetext"
href="http://blog.snort.org" moz-do-not-send="true">
http://blog.snort.org</a> to stay current on all the
latest Snort news!</span><br>
<span></span><br>
<span>Please follow these rules: <a
class="moz-txt-link-freetext"
href="https://snort.org/faq/what-is-the-mailing-list-etiquette"
moz-do-not-send="true">
https://snort.org/faq/what-is-the-mailing-list-etiquette</a></span><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" \
wrap="">_______________________________________________ Snort-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Snort-users@lists.snort.org" \
moz-do-not-send="true">Snort-users@lists.snort.org</a> Go to this URL to change user \
options or unsubscribe: <a class="moz-txt-link-freetext" \
href="https://lists.snort.org/mailman/listinfo/snort-users" \
moz-do-not-send="true">https://lists.snort.org/mailman/listinfo/snort-users</a>
To unsubscribe, send an email to:
<a class="moz-txt-link-abbreviated" href="mailto:snort-users-leave@lists.snort.org" \
moz-do-not-send="true">snort-users-leave@lists.snort.org</a>
Please visit <a class="moz-txt-link-freetext" href="http://blog.snort.org" \
moz-do-not-send="true">http://blog.snort.org</a> to stay current on all the latest \
Snort news!
Please follow these rules: <a class="moz-txt-link-freetext" \
href="https://snort.org/faq/what-is-the-mailing-list-etiquette" \
moz-do-not-send="true">https://snort.org/faq/what-is-the-mailing-list-etiquette</a> \
</pre> </blockquote>
<p><br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" \
wrap="">_______________________________________________ Snort-users mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:Snort-users@lists.snort.org">Snort-users@lists.snort.org</a> Go to this \
URL to change user options or unsubscribe: <a class="moz-txt-link-freetext" \
href="https://lists.snort.org/mailman/listinfo/snort-users">https://lists.snort.org/mailman/listinfo/snort-users</a>
To unsubscribe, send an email to:
<a class="moz-txt-link-abbreviated" \
href="mailto:snort-users-leave@lists.snort.org">snort-users-leave@lists.snort.org</a>
Please visit <a class="moz-txt-link-freetext" \
href="http://blog.snort.org">http://blog.snort.org</a> to stay current on all the \
latest Snort news!
Please follow these rules: <a class="moz-txt-link-freetext" \
href="https://snort.org/faq/what-is-the-mailing-list-etiquette">https://snort.org/faq/what-is-the-mailing-list-etiquette</a>
</pre>
</blockquote>
<br>
</body>
</html>
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave@lists.snort.org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic