[Snort-users] snort 1.6.3 problem
Dumpmail at ...158...
Thu Jul 27 10:13:52 EDT 2000
i am using snort 1.6.3 on a SUSE 6.4 box. I have 45 virtual ips on
my machine in different subnets. that menas that i have 45 virttal
interfaces (eth0,eth0:0,...eth0:43) with the IPs
Now i want snort to listen on juts port connetcs (21,22 or 80 etc.)
on these ips. How can i do that or have i to write 45 rules for each rule?
Another problem is that i want to log appents fast after each other
only ONE time.
alert tcp any any -> 10.0.3.75 21 (msg: "FTP connect";)
this makes on one connect of a FTP programm 4 alerts but i want only
1. How can i do this?
Ok thanks for all
please answer fast, i am in a VERY big hurry THX!
Thomas mailto:Dumpmail at ...158...
More information about the Snort-users