[Snort-users] Rule help
markus.lude at ...348...
Fri Dec 19 22:19:26 EST 2008
On Fri, Dec 19, 2008 at 07:42:49PM -0700, Jefferson, Shawn wrote:
> I need to create a rule that alerts whenever a connection is made to a
> specific IP address. I've never created a rule before, and
> unfortunately, I need this fairly quickly. Can anyone help me out?
> Here's what I have:
> alert tcp any any -> 184.108.40.206 any (msg:"VMWare Service Infected"; sid:2000001; rev:1;)
You may want to use "ip" instead of "tcp" for the protocol.
More information about the Snort-users