[Snort-users] snort rules flow option
bmc at ...950...
Fri Apr 25 06:53:09 EDT 2003
On Mon, Apr 14, 2003 at 03:42:11PM -0400, Michael Goodman wrote:
> Could someone please explain to me the difference between
> to_client and from_server? The snort users manual describes both as
> trigger on server responses from A to B. Thanks.
It is a semantics thing.

If the rule is looking for the server attacking the client, we use the

If the rule is looking for responses from an attack targeted at the server,
we use the "from_server" keyword.

This is my attempt to provide a bit more context to rules.
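
The convention described in the reply above, shown as two rules. This is an added example, not part of the original message and not taken from the Snort rule set. It assumes the first case in the reply corresponds to to_client, the other keyword the question asks about; the messages, content strings and sids are constructed placeholders.

```snort
# Both flow options match the same direction of an established TCP session
# (traffic sent by the server side). The keyword is picked to tell the
# reader what kind of event the rule describes.

# Case 1: the server is the attacker and the client is the victim,
# e.g. hostile content returned to an internal browser.
# Assumed keyword for this case: to_client.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any \
    (msg:"EXAMPLE hostile content sent to client"; \
    flow:to_client,established; \
    content:"EXAMPLE-CLIENT-SIDE-MARKER"; \
    sid:1000001; rev:1;)

# Case 2: the server was the target of an attack and the rule looks at
# what the server sends back, e.g. output showing the attack worked.
# Keyword for this case: from_server.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any \
    (msg:"EXAMPLE response from attacked server"; \
    flow:from_server,established; \
    content:"EXAMPLE-COMMAND-OUTPUT"; \
    sid:1000002; rev:1;)
```

Swapping the two keywords would not change which packets either rule matches; only the rule header (source and destination variables) and the content differ in effect.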