[Snort-users] snort? IMPORTANAT!
Dumpmail at ...158...
Thu Jul 27 15:58:46 EDT 2000
Thursday, July 27, 2000, 9:50:52 PM, you wrote:
BM> From: GMX Dumpmail <Dumpmail at ...158...> on 07/27/2000 02:40 PM
>>mhhh can't i irgnore the 3 remaining packets and only write the 1 on
>>screen form this ip.....?it is very important pleas help me THX!
BM> Not without writing a script to do it. And even then, it would be a fairly
BM> complex script I would think.
BM> The real solution is to allow your firewall to return a RST packet on the
BM> connection attempt instead of just absorbing the attack in a quasi stealth mode.
BM> This will (should) stop the remaining three SYN packets from being sent.
Ok now i have the colorizing done, but istn't i possible in ANY way to
filter just the output and not the packets?
I am using tail can't i do there something ?
Thomas mailto:Dumpmail at ...158...
More information about the Snort-users