[Snort-sigs] sig question
nduda at ...1896...
Wed Sep 24 08:39:17 EDT 2003
First off, thanks to all for helping me with pass rules; it works well. I have a question along the same lines: will creating a sig with the header using the !insert_ip_address work just as well? (I am new to Snort.)
So if I had a sig that I wanted to alert every time it's triggered, except from a certain IP, could I do this?
alert udp $EXTERNAL_NET any -> !insert_ip_address 161 (msg:"SNMP request udp"; reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013; sid:1417; rev:2; classtype:attempted-recon;)