[Oisf-users] Problem to Start Suricata
Mesra.net CEO
admin at mesra.my
Fri Jul 14 00:10:21 UTC 2017
Dear Sir,
Let me explain about the rule. Actually, I am trying to detect if any of my clients'
email has been defaced and a spammer will send out thousands of emails from my
network to anybody's email. I tried with the rule and tried to send out with
message and subject 'sexiest', but fast.log doesn't show anything
related to the rule.
Please help. TQ so much
-----Original Message-----
From: rmkml
Sent: Friday, July 14, 2017 7:44 AM
To: Mesra.net CEO
Cc: oisf-users at lists.openinfosecfoundation.org ; rmkml at ligfy.org
Subject: Re: [Oisf-users] Problem to Start Suricata
Hi Mesra,
yes you have switched dest_ip (any) and dest_port ([25,587,465]), please
try this (not tested):
alert tcp $HOME_NET any -> any [25,587,465] (msg:"*** WARNING!!!
WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest";
sid:6677666667; rev:1;)
Best Regards
@Rmkml
On Fri, 14 Jul 2017, Mesra.net CEO wrote:
> Dear All,
>
> I have problem on Suricata as below:
>
> 14/7/2017 -- 07:32:44 - <Error> - [ERRCODE:
> SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "25"
> 14/7/2017 -- 07:32:44 - <Error> - [ERRCODE:
> SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp
> $HOME_NET any -> [25,587,465] any (msg:"*** WARNING!!! WARNING!!! SUSPECT
> SPAMMER!!! ***"; dsize:>0;
> content:"sexiest"; sid:6677666667; rev:1;)" from file
> /etc/suricata/rules/custom.rules at line 46
>
> Is there any problem with my rule:
>
> alert tcp $HOME_NET any -> [25,587,465] any (msg:"*** WARNING!!!
> WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest";
> sid:6677666667; rev:1;)" from file /etc/suricata/rules/custom.rules at
> line 46
>
> Please advise. TQ so much
>
>
>
>
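
Added example (not part of the original thread, and not Suricata's own parser): a small pre-load check of the rule header that catches the swapped destination address and port fields behind the "failed to parse address" error above. The function names are hypothetical, and it assumes bracketed lists contain no whitespace and does not resolve variables such as $HOME_NET.

```python
import ipaddress
import re

# Rule header: action proto src_addr src_port direction dst_addr dst_port (options)
# Assumes no whitespace inside bracketed lists.
HEADER_RE = re.compile(
    r'^\s*(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\(')

def items(field):
    """Flatten '[a,!b,[c]]' into ['a', 'b', 'c'] (brackets and negation dropped)."""
    return [i for i in re.sub(r'[\[\]!]', '', field).split(',') if i]

def is_address(item):
    if item == 'any' or item.startswith('$'):
        return True  # keyword or variable; variables are not resolved here
    try:
        for part in item.split('-'):  # single IP, CIDR block, or 'first-last' range
            ipaddress.ip_network(part, strict=False)
        return True
    except ValueError:
        return False

def is_port(item):
    if item == 'any' or item.startswith('$'):
        return True
    bounds = item.split(':')  # '25', '1024:', ':1023' or '80:90'
    return len(bounds) <= 2 and any(bounds) and all(
        b == '' or (b.isdigit() and int(b) <= 65535) for b in bounds)

def check_header(rule):
    """Return [(field name, [items of the wrong kind])]; empty list means OK."""
    m = HEADER_RE.match(rule)
    if not m:
        return [('header', [rule[:40]])]
    _, _, src_addr, src_port, _, dst_addr, dst_port = m.groups()
    checks = (('source address', src_addr, is_address),
              ('source port', src_port, is_port),
              ('destination address', dst_addr, is_address),
              ('destination port', dst_port, is_port))
    return [(name, bad) for name, field, ok in checks
            if (bad := [i for i in items(field) if not ok(i)])]

# The two rule headers from this thread, with the options copied unchanged.
OPTS = '(msg:"*** WARNING!!! WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)'
ORIGINAL = 'alert tcp $HOME_NET any -> [25,587,465] any ' + OPTS
CORRECTED = 'alert tcp $HOME_NET any -> any [25,587,465] ' + OPTS

if __name__ == '__main__':
    for label, rule in (('original', ORIGINAL), ('corrected', CORRECTED)):
        print(label, check_header(rule) or 'header OK')
```

The check covers only the header field order and value kinds; it says nothing about whether the rule options load or match.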