Re: Help needed on snort
You mean like an example rule?
var ETH0 [your_ip]
alert tcp !192.168.254.0/24 any -> $ETH0 23 (ipopts: rr ; msg: "External request for telnet";)
Like this?
Don't forget this nice option:
preprocessor portscan: your_ext_ip 10 5 /var/log/snort/portscan.log
[On 11 Jul, 2001, Luc MAIGNAN wrote in "Help needed on snort"]
> Hi,
>
> I use (I would like to ...) snort v1.7, but I don't succeed in using the scripts
> given on the web site. Has anyone an example to let me understand what to do?
>
> Best regards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wouter van Gils -=- wouter@the-construct.cx
http://the-construct.cx/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
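
Added example, not part of the original message and not Snort's own code: a small Python model of the threshold set by the portscan preprocessor line above, whose arguments in Snort 1.x are the monitored network, a port count (10), a detection period in seconds (5) and a log file. The function name, event format and sample addresses are constructed for illustration, and counting distinct ports per source in a sliding window is an assumed simplification of what the preprocessor does.

```python
from collections import defaultdict, deque

# Values taken from the preprocessor line above: 10 ports within 5 seconds.
PORT_THRESHOLD = 10
WINDOW_SECONDS = 5


def detect_portscans(events, ports=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Return [(timestamp, source_ip, distinct_ports)] for each source that
    touches `ports` or more distinct destination ports within `window` seconds.

    events: iterable of (timestamp_seconds, source_ip, dest_port), time-ordered.
    A source is reported once, the first time it crosses the threshold.
    """
    recent = defaultdict(deque)   # source_ip -> deque of (timestamp, port)
    reported = set()
    alerts = []
    for ts, src, dport in events:
        q = recent[src]
        q.append((ts, dport))
        # Drop connection attempts that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= ports and src not in reported:
            reported.add(src)
            alerts.append((ts, src, len(distinct)))
    return alerts


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE_EVENTS = sorted(
    # Fast sweep: 12 ports in about 2 seconds from one source.
    [(100.0 + i * 0.2, "203.0.113.7", 20 + i) for i in range(12)]
    # Slow sweep: one port every 2 seconds, never 10 ports inside 5 seconds.
    + [(100.0 + i * 2.0, "198.51.100.9", 20 + i) for i in range(12)]
    # Repeated telnet attempts to a single port are not a port scan.
    + [(101.0 + i * 0.1, "192.0.2.33", 23) for i in range(30)]
)

if __name__ == "__main__":
    for ts, src, n in detect_portscans(SAMPLE_EVENTS):
        print(f"{ts:.1f} portscan from {src}: {n} ports in {WINDOW_SECONDS}s")
```

Running it on the sample traffic shows why the two numbers are a tuning decision: only the fast sweep is reported with 10 and 5, while the repeated telnet attempts are left to the alert rule.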