[Snort-users] snort 1.6.3 problem

GMX Dumpmail Dumpmail at ...158...
Thu Jul 27 10:13:52 EDT 2000


   i am using snort 1.6.3 on a SUSE 6.4 box. I have 45 virtual ips on
   my machine in different subnets. that menas that i have 45 virttal
   interfaces (eth0,eth0:0,...eth0:43) with the IPs
   Now i want snort to listen on juts port connetcs (21,22 or 80 etc.)
   on these ips. How can i do that or have i to write 45 rules for each rule?
   Another problem is that i want to log appents fast after each other
   only ONE time.
   For example:
   alert tcp any any -> 21 (msg: "FTP connect";)
   this makes on one connect of a FTP programm 4 alerts but i want only
   1. How can i do this?
   Ok thanks for all
 please answer fast, i am in a VERY big hurry THX!

Best regards,
Thomas                          mailto:Dumpmail at ...158...

More information about the Snort-users mailing list