[Snort-users] Multiple networks and port-scanning...
cec at ...68...
Wed Jul 26 12:09:13 EDT 2000
Clever! But any thoughts on how you would know which machine was under
On Wed, 26 Jul 2000, Christian Hammers wrote:
> On Wed, Jul 26, 2000 at 04:33:14PM +0100, Peter Bates wrote:
> > and can I somehow have have the portscan
> > line cover all of the 3 blocks mentioned
> > in HOME_NET,HOME_NET2 and HOME_NET3???
> An idea for an mad hack woud be to write a preprocessor that substitutes
> all IPs that belong to the given nets by one single IP e.h. 10.1.1.1.
> Then you would only have to write your rules one time, looking for the
> dst address 10.1.1.1 and you catch packets for them all.
> Christian Hammers WESTEND GmbH - Aachen und Dueren Tel 0241/701333-0
> ch at ...139... Internet & Security for Professionals Fax 0241/911879
> WESTEND ist CISCO Systems Partner - Premium Certified
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
More information about the Snort-users