[Oisf-wg-ruleslanguage] Block metafile content
Shant Kassardjian
shant at skylab.ca
Thu Aug 5 02:11:15 UTC 2010
Hello,
I am currently testing Suricata rule creation and have created the following test rule. It does alert in fast.log; however, it does not block the download. Any idea why? Or what additional step or new feature can be used in Suricata to block this?
reject tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "P2P torrent metafile Download"; content:"d8\:announce"; flow:established; classtype:policy-violation; sid:1000012; rev:1;)
Much appreciated,
Thank you!
Shant K