[Snort-users] Multiple networks and port-scanning...

Christopher Cramer cec at ...68...
Wed Jul 26 12:09:13 EDT 2000


Clever!  But any thoughts on how you would know which machine was under
attack?

-Chris



On Wed, 26 Jul 2000, Christian Hammers wrote:

> On Wed, Jul 26, 2000 at 04:33:14PM +0100, Peter Bates wrote:
> ...
> > and can I somehow have have the portscan
> > line cover all of the 3 blocks mentioned
> > in HOME_NET,HOME_NET2 and HOME_NET3???
> 
> An idea for an mad hack woud be to write a preprocessor that substitutes
> all IPs that belong to the given nets by one single IP e.h. 10.1.1.1.
> Then you would only have to write your rules one time, looking for the
> dst address 10.1.1.1 and you catch packets for them all.
> 
> bye,
> 
>  -christian-
> 
> -- 
> Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
> ch at ...139...     Internet & Security for Professionals    Fax 0241/911879
>            WESTEND ist CISCO Systems Partner - Premium Certified
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 





More information about the Snort-users mailing list