[Snort-users] Rule help

Jefferson, Shawn Shawn.Jefferson at ...14448...
Fri Dec 19 21:42:49 EST 2008


Hi,

I need to create a rule that alerts whenever a connection is made to a specific IP address.  I've never created a rule before, and unfortunately, I need this fairly quickly.  Can anyone help me out?

Here's what I have:
alert tcp any any -> 146.155.47.250 any (msg:"VMWare Service Infected"; sid:2000001; rev:1;)

Am I missing anything necessary for the rule to work?

Thanks,
Shawn


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20081219/708931f0/attachment.html>


More information about the Snort-users mailing list