Re: Help needed on snort

To: Luc MAIGNAN <dirtech@winxpert.com>
Cc: debian-security@lists.debian.org
Subject: Re: Help needed on snort
From: Wouter van Gils <wouter@the-construct.cx>
Date: Wed, 11 Jul 2001 23:07:54 +0200
Message-id: <[🔎] 20010711230753.A25047@the-construct.cx>
In-reply-to: <[🔎] 01071121362001.00887@yoga>; from dirtech@winxpert.com on Wed, Jul 11, 2001 at 09:36:20PM +0200
References: <[🔎] 01071121362001.00887@yoga>

You mean like an example rule ?

var ETH0 [your_ip]
alert  tcp !192.168.254.0/24 any -> $ETH0 23 (ipopts: rr ; msg: "External request for telnet";)

like this ?

don't forget this nice option:

preprocessor portscan: your_ext_ip  10 5  /var/log/snort/portscan.log







[On 11 Jul, 2001, Luc MAIGNAN wrote in " Help needed on snort "]
> Hi,
> 
> I use (I would to ...) snort v1.7, but I don't succeed to use the scripts 
> given on the web site. Has anyone an example to let me understand what to do ?
> 
> Best regards
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wouter van Gils -=- wouter@the-construct.cx
http://the-construct.cx/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reply to:

References:
- Help needed on snort
  - From: Luc MAIGNAN <dirtech@winxpert.com>

Prev by Date: Help needed on snort
Next by Date: Re: was I cracked? (rpc.statd, new version)
Previous by thread: Help needed on snort
Next by thread: Exim related buffer overflow in stable
Index(es):
- Date
- Thread