SNORT rule does not work!
I have a problem.
I do these steps of snort for adjusting rule. (with Kali version in vmware)
1. cd /etc/snort/rules
2. sudo nano twitter.rules
3. reject tcp any any -> any any (content:"www.twitter.com";msg:"Block lists";sid:1000001; )
4. sudo nano /etc/snort/snort.conf
5. Add –> include $RULE_PATH/twitter.rules
6. sudo snort -A console -i eth0 -c /etc/snort/snort.conf -l /var/log/snort -K ascii
after this steps , I received this message "commencing packet processing"
but when I want to open twitter site , sometimes this site does not open but sometimes open!
and also the msg for rule does not appear!
I want to know why I can't block the site and get this message?!
Twitter is HTTPS. You can't see the content because it's encrypted.
I just told one example, actually I have this problem with any website.
and I don't want to see the content, I just want to block the site.