[Snort-sigs] dropping traffic

Erek Adams erek at ...95...
Wed May 28 08:59:03 EDT 2003

On Wed, 28 May 2003, Esler, Joel  Contractor wrote:

> pass $SMTP_SERVERS any -> $EXTERNAL_NET any (msg:"Traffic dropper";
> content????????????????????????
> What would I write to be able to drop all traffic from the email server
> (filter it out basically)....


> or what could I write to trigger an IP?
> (both ways I am asking)....
> alert <IP here> any -> $HOME_NET (msg:"<IP here> connection event";
> content:"%20";)

Yes.  You could even remove the content to make it fire on any connection


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-sigs mailing list