You mean like an example rule?

var ETH0 [your_ip]
alert tcp !192.168.254.0/24 any -> $ETH0 23 (ipopts: rr; msg: "External request for telnet";)

Like this?

Don't forget this nice option:

preprocessor portscan: your_ext_ip 10 5 /var/log/snort/portscan.log

[On 11 Jul, 2001, Luc MAIGNAN wrote in " Help needed on snort "]
> Hi,
>
> I use (I would like to ...) snort v1.7, but I have not succeeded in using the scripts
> given on the web site. Does anyone have an example to help me understand what to do?
>
> Best regards
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wouter van Gils -=- [EMAIL PROTECTED]
http://the-construct.cx/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
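
Added example (not part of the original message and not Snort's own code): a simplified Python model of how the rule above is evaluated. The header and every option must all match, so with ipopts: rr present the rule fires only on external telnet packets that carry the IP Record Route option. The address 10.0.0.5 standing in for $ETH0 and the sample packets are constructed.

```python
import ipaddress

# The rule from the message on one line; 10.0.0.5 stands in for $ETH0 (constructed).
RULE = ('alert tcp !192.168.254.0/24 any -> 10.0.0.5 23 '
        '(ipopts: rr; msg: "External request for telnet";)')

def parse_rule(rule):
    """Split a rule into its seven header fields and an options dict."""
    header, _, body = rule.partition("(")
    action, proto, src, sport, _arrow, dst, dport = header.split()
    opts = {}
    for item in body.rstrip(") ").split(";"):
        if item.strip():
            key, _, val = item.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def addr_match(spec, ip):
    """Match an address against 'any', a host or a CIDR block, with optional '!'."""
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    hit = spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    return hit != negate

def port_match(spec, port):
    return spec == "any" or int(spec) == port

def rule_matches(rule, pkt):
    """The header must match, then every detection option must match (logical AND)."""
    if pkt["proto"] != rule["proto"]:
        return False
    if not (addr_match(rule["src"], pkt["src"]) and port_match(rule["sport"], pkt["sport"])):
        return False
    if not (addr_match(rule["dst"], pkt["dst"]) and port_match(rule["dport"], pkt["dport"])):
        return False
    want = rule["opts"].get("ipopts")  # msg is metadata, not a match condition
    return want is None or want in pkt["ipopts"]

# Constructed packets: plain external telnet, external telnet with Record Route, internal.
PLAIN = {"proto": "tcp", "src": "203.0.113.9", "sport": 40000,
         "dst": "10.0.0.5", "dport": 23, "ipopts": []}
WITH_RR = dict(PLAIN, ipopts=["rr"])
INTERNAL = dict(WITH_RR, src="192.168.254.7")

if __name__ == "__main__":
    rule = parse_rule(RULE)
    for name, pkt in [("plain", PLAIN), ("with rr", WITH_RR), ("internal", INTERNAL)]:
        print(name, rule_matches(rule, pkt))
```
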