[Snort-users] Multiple networks and port-scanning...
ch at ...139...
Wed Jul 26 11:38:03 EDT 2000
On Wed, Jul 26, 2000 at 04:33:14PM +0100, Peter Bates wrote:
> and can I somehow have have the portscan
> line cover all of the 3 blocks mentioned
> in HOME_NET,HOME_NET2 and HOME_NET3???
An idea for an mad hack woud be to write a preprocessor that substitutes
all IPs that belong to the given nets by one single IP e.h. 10.1.1.1.
Then you would only have to write your rules one time, looking for the
dst address 10.1.1.1 and you catch packets for them all.
Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
ch at ...139... Internet & Security for Professionals Fax 0241/911879
WESTEND ist CISCO Systems Partner - Premium Certified
More information about the Snort-users