[Snort-sigs] dropping traffic

Esler, Joel Contractor EslerJ at ...785...
Wed May 28 07:05:19 EDT 2003


pass $SMTP_SERVERS any -> $EXTERNAL_NET any (msg:"Traffic dropper";
content????????????????????????

What would I write to be able to drop all traffic from the email server
(filter it out basically)....  or what could I write to trigger an IP?
(both ways I am asking)....

alert <IP here> any -> $HOME_NET (msg:"<IP here> connection event";
content:"%20";)

or something??

J




More information about the Snort-sigs mailing list