[Snort-sigs] sig question
mkettler at ...189...
Wed Sep 24 10:32:09 EDT 2003
At 11:37 AM 9/24/2003, Nick Duda wrote:
>So if I had a sig that I wanted to alert every time it's triggered except
>from a certain IP, could I do this?
>alert udp $EXTERNAL_NET any -> !insert_ip_address 161 (msg:"SNMP request
>udp"; reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013; sid:1417;
Yes, provided that you want it to fire off for _any_ destination besides
"insert_ip_address", without regard for HOME_NET.
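The following is an added example, not part of the thread or of Snort itself. It is a simplified Python model of how a rule header's address fields are evaluated, run over constructed packets, to show that a leading `!` applies only to the side of the arrow it is written on. The addresses, the `HOME_NET`/`EXTERNAL_NET` values and the function names are assumptions, and ports and protocol are ignored.

```python
import ipaddress

# Constructed sample values, not taken from the post.
VARS = {"HOME_NET": "10.0.0.0/8", "EXTERNAL_NET": "!$HOME_NET"}
EXCLUDED = "192.0.2.10"  # stands in for "insert_ip_address"


def addr_matches(spec, ip, variables=VARS):
    """Evaluate a simplified address field: any, $VAR, IP, CIDR, leading '!'."""
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):
        return addr_matches(variables[spec[1:]], ip, variables)
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def header_matches(src_spec, dst_spec, src_ip, dst_ip):
    """A header matches only if both the source and destination fields match."""
    return addr_matches(src_spec, src_ip) and addr_matches(dst_spec, dst_ip)


def evaluate(src_spec, dst_spec, packets):
    return [header_matches(src_spec, dst_spec, s, d) for s, d in packets]


PACKETS = [  # (source, destination), all constructed
    ("198.51.100.7", "10.0.0.5"),     # external host -> host inside HOME_NET
    ("198.51.100.7", "203.0.113.9"),  # external host -> host outside HOME_NET
    ("198.51.100.7", "192.0.2.10"),   # external host -> the excluded address
    ("192.0.2.10", "10.0.0.5"),       # excluded address as source -> HOME_NET
]

# Header as posted: $EXTERNAL_NET any -> !insert_ip_address 161
AS_POSTED = evaluate("$EXTERNAL_NET", "!" + EXCLUDED, PACKETS)

# Negation moved to the source side: !insert_ip_address any -> $HOME_NET 161
# Note this variant no longer restricts the source to $EXTERNAL_NET.
SRC_NEGATED = evaluate("!" + EXCLUDED, "$HOME_NET", PACKETS)

if __name__ == "__main__":
    for pkt, a, b in zip(PACKETS, AS_POSTED, SRC_NEGATED):
        print(f"{pkt[0]:>13} -> {pkt[1]:<12} as_posted={a!s:<5} src_negated={b}")
```

With the header as posted, traffic from the excluded address still matches and destinations outside `HOME_NET` are covered too; only packets addressed to the excluded IP are skipped.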