SNORT rule does not work!



  • Hello,

    I have a problem.
    I followed these steps to set up a Snort rule (with Kali in VMware):

    1. cd /etc/snort/rules
    2. sudo nano twitter.rules
    3. reject tcp any any -> any any (content:"www.twitter.com";msg:"Block lists";sid:1000001; )
    4. sudo nano /etc/snort/snort.conf
    5. Add –> include $RULE_PATH/twitter.rules
    6. sudo snort -A console -i eth0 -c /etc/snort/snort.conf -l /var/log/snort -K ascii

    After these steps, I received the message "commencing packet processing",
    but when I try to open the Twitter site, sometimes the site does not open but sometimes it does!
    Also, the msg for the rule does not appear!

    I want to know why I can't block the site and get this message?!

    thanks



  • Twitter is HTTPS. You can't see the content because it's encrypted.



  • I just gave one example; actually I have this problem with any website.
    And I don't want to see the content, I just want to block the site.
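
The point made in the HTTPS reply above, as an added example (not code from any poster in this thread): a `content` option is a byte search over the packet payload, so the rule from the first post can only hit where the host name travels in cleartext. All payloads are constructed samples, and the TLS ClientHello server-name (SNI) field is an assumption brought in here that the thread itself does not mention.

```python
import struct

RULE_CONTENT = b"www.twitter.com"   # the content: string from the rule in the first post

def content_match(payload: bytes, needle: bytes = RULE_CONTENT) -> bool:
    """Model of a bare content: option: a byte-string search over the payload."""
    return needle in payload

def build_client_hello(host: str) -> bytes:
    """Constructed minimal TLS ClientHello record carrying one SNI entry."""
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, no session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                # one cipher suite, null compression
            + struct.pack("!H", len(sni)) + sni)               # extensions block
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body     # handshake type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def sni_from_record(rec: bytes):
    """Return the cleartext server name from a ClientHello record, else None."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:
            return None
        p = 5 + 4 + 2 + 32                                     # headers, version, random
        p += 1 + rec[p]                                        # session id
        p += 2 + struct.unpack_from("!H", rec, p)[0]           # cipher suites
        p += 1 + rec[p]                                        # compression methods
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", rec, p)
            if etype == 0:                                     # server_name extension
                nlen = struct.unpack_from("!H", rec, p + 7)[0]
                return rec[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):                         # truncated or malformed record
        pass
    return None

# Constructed sample payloads (not captured traffic).
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: www.twitter.com\r\n\r\n"   # plain HTTP on port 80
HELLO = build_client_hello("www.twitter.com")                  # HTTPS handshake, same name
HELLO_APEX = build_client_hello("twitter.com")                 # HTTPS handshake, name without www
APP_DATA = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))  # stand-in for an encrypted record

if __name__ == "__main__":
    for label, pkt in [("http", HTTP_REQ), ("hello", HELLO),
                       ("hello-apex", HELLO_APEX), ("app-data", APP_DATA)]:
        print(f"{label:10} content_hit={content_match(pkt)} sni={sni_from_record(pkt)}")
```

Only the plain HTTP request and the handshake that names exactly `www.twitter.com` contain the rule's string; the encrypted record and the handshake for a different spelling of the host do not.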

