[Snort-sigs] Questions 101

Chris Green cmg at ...435...
Thu Apr 3 13:08:53 EST 2003


"Esler, Joel  Contractor" <EslerJ at ...785...> writes:

> To create a rule to look for specific IPs regardless of content would be???
>
> alert tcp <IP> any -> $home_net any; (MSG:<IP>; content:""; nocase;
> classification:misc-activity;)

alert ip 192.168.1.1 any -> $HOME_NET any (msg: "I want my... I want my... AYE PEA";)
-- 
Chris Green <cmg at ...435...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod
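
An added example, not part of the original post: the same header-only approach extended to a list of watched addresses and to both traffic directions. The variable name WATCH_IPS, the addresses (documentation ranges) and the sid values are constructed for illustration; later Snort 2.x releases declare address variables with `ipvar` instead of `var`.

```snort
# Constructed watch list: one host and one network, comma-separated in brackets.
var WATCH_IPS [192.0.2.10,198.51.100.0/24]

# The rule header ends at the opening parenthesis; there is no semicolon
# between the header and the options.
# "ip" covers every IP protocol (TCP, UDP, ICMP, ...), not only tcp.
# No content option is present: with no payload options the rule fires on
# the header match alone.
# $HOME_NET is written as it is defined in snort.conf.

# Traffic from a watched address into the home network.
alert ip $WATCH_IPS any -> $HOME_NET any (msg:"Inbound traffic from watched IP"; classtype:misc-activity; sid:1000001; rev:1;)

# Traffic from the home network to a watched address.
alert ip $HOME_NET any -> $WATCH_IPS any (msg:"Outbound traffic to watched IP"; classtype:misc-activity; sid:1000002; rev:1;)
```

Placed in a local rules file, these can be checked with `snort -T -c snort.conf`, which parses the configuration and rules and exits without sniffing.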



