[Snort-users] Multiple networks and port-scanning...

Christian Hammers ch at ...139...
Wed Jul 26 11:38:03 EDT 2000

On Wed, Jul 26, 2000 at 04:33:14PM +0100, Peter Bates wrote:
> and can I somehow have the portscan
> line cover all of the 3 blocks mentioned

An idea for a mad hack would be to write a preprocessor that substitutes
all IPs that belong to the given nets by one single IP e.h.
Then you would only have to write your rules one time, looking for the
dst address and you catch packets for them all.



Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch at ...139...     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified
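
The substitution idea from the reply above, as an added Python sketch (not part of the original post and not Snort code): destinations in any monitored block are rewritten to one stand-in address before a simple scan threshold is applied, so probes spread across the blocks are counted together. The network blocks, the stand-in address, the threshold and the sample traffic are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values: three monitored blocks (documentation ranges) and a stand-in address.
MONITORED_NETS = [ipaddress.ip_network(n) for n in
                  ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
CANONICAL_DST = ipaddress.ip_address("10.255.255.1")

def monitored_net(dst):
    """Return the monitored network containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    return next((net for net in MONITORED_NETS if addr in net), None)

def rewrite_dst(dst):
    """The substitution step: any address in a monitored net becomes CANONICAL_DST."""
    if monitored_net(dst) is not None:
        return CANONICAL_DST
    return ipaddress.ip_address(dst)

def detect_scans(packets, rewrite=True, max_probes=4, window=3.0):
    """Return sources with more than max_probes distinct (dst, port) probes
    against one destination key within `window` seconds."""
    recent = defaultdict(list)  # (src, key) -> [(ts, dst, dport)]
    alerts = set()
    for ts, src, dst, dport in sorted(packets):
        net = monitored_net(dst)
        if net is None:
            continue  # not addressed to a monitored block
        # With rewrite=False each block is counted separately.
        key = (src, rewrite_dst(dst) if rewrite else net)
        events = [e for e in recent[key] if ts - e[0] <= window]
        events.append((ts, dst, dport))
        recent[key] = events
        if len({(d, p) for _, d, p in events}) > max_probes:
            alerts.add(src)
    return alerts

# Constructed traffic: (timestamp, src, dst, dport)
SAMPLE = [
    (0.0, "10.9.8.7", "192.0.2.10", 21), (0.3, "10.9.8.7", "192.0.2.10", 23),
    (0.6, "10.9.8.7", "198.51.100.4", 21), (0.9, "10.9.8.7", "198.51.100.4", 23),
    (1.2, "10.9.8.7", "203.0.113.77", 21), (1.5, "10.9.8.7", "203.0.113.77", 23),
    (0.1, "10.1.1.1", "192.0.2.10", 80), (0.2, "10.1.1.1", "192.0.2.10", 80),
    (0.4, "10.9.8.7", "172.16.0.1", 25),  # outside the monitored blocks
]

if __name__ == "__main__":
    print("per-block:", detect_scans(SAMPLE, rewrite=False))
    print("rewritten:", detect_scans(SAMPLE, rewrite=True))
```

Counted per block, the first source stays under the threshold with two probes in each network; after rewriting, the same six probes share one destination key and the source is flagged.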
