Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Rules » Working rules for Dating Sites - By Klint

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Working rules for Dating Sites - By Klint


Posted by Kturney on August 18, 2006 22:03:12

#####################################################
#####By Klint (Kturney@memorialhealth.org)###########
###A+, Network+, Security+, MCP, MCSA, MCSE:2003#####
#####################################################
#####//Dating site Snort IDS Rules\\#################
#####################################################

##Start##

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - MySpace Login"; flow:established; pcre:"/Host\:\slogin.myspace.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Adultfriendfinder Search"; flow:established; pcre:"/Host\:\ssearch.adultfriendfinder.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Match.com Search"; flow:established; pcre:"/Host\:\swww.match.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - perfectmatch.com Search"; flow:established; pcre:"/Host\:\swww.perfectmatch.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Dating.com Browse"; flow:established; pcre:"/Host\:\swww.dating.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Eharmony.com Browse"; flow:established; pcre:"/Host\:\swww.eharmony.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Okcupid.com Browse"; flow:established; pcre:"/Host\:\swww.okcupid.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - HornyMatches.com Browse"; flow:established; pcre:"/Host\:\swww.hornymatches.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Yahoo Personals Browse"; flow:established; pcre:"/Host\:\spersonals.yahoo.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Search Your Love Browse"; flow:established; pcre:"/Host\:\swww.syl.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - LoveAccess Browse"; flow:established; pcre:"/Host\:\swww.LoveAccess.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - AmericanSingles Browse"; flow:established; pcre:"/Host\:\swww.AmericanSingles.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Local Sex Browse"; flow:established; pcre:"/Host\:\swww.NextSexBuddy.com\r\n/ism";)

alert tcp any any -> any 80 (msg:"INAPPROPRIATE - Local Sex Browse"; flow:established; pcre:"/Host\:\swww.chemistry.com\r\n/ism";)




Posted by Kturney on August 18, 2006 22:04:09

Each rule needs a ; ) on the end but the forums took it out..
Terms of Use | Privacy Policy | forum archives | site feedback ©2009 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.