[Snort-users] snort? IMPORTANAT!

GMX Dumpmail Dumpmail at ...158...
Thu Jul 27 15:58:46 EDT 2000


Hello Bill,

Thursday, July 27, 2000, 9:50:52 PM, you wrote:



BM> From:     GMX Dumpmail <Dumpmail at ...158...> on 07/27/2000 02:40 PM
>>mhhh can't i irgnore the 3 remaining packets and only write the 1 on
>>screen form this ip.....?it is very important pleas help me THX!

BM> Not without writing a script to do it.  And even then, it would be a fairly
BM> complex script I would think.
BM> The real solution is to allow your firewall to return a RST packet on the
BM> connection attempt instead of just absorbing the attack in a quasi stealth mode.
BM> This will (should) stop the remaining three SYN packets from being sent.

BM> --Bill

Ok now i have the colorizing done, but istn't i possible in ANY way to
filter just the output and not the packets?
I am using tail can't i do there something ?

Best regards,
 Thomas                            mailto:Dumpmail at ...158...






More information about the Snort-users mailing list