[Snort-users] Snort sdrop

Joao Daniel Neves joaodanielnevesss at ...125...
Mon Apr 22 08:54:51 EDT 2013


The IP Z.X.C.V is triggering a lot of alarms on my IDS (more than 1 million). I have wrote a very simple Snort rule to drop packages from this source. For some reason it is not working. Did I did something wrong ?

sdrop udp Z.X.C.V any -> any any
sdrop tcp Z.X.C.V any -> any any
sdrop icmp Z.X.C.V any -> any any

Of course, I have restarted Snort

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130422/4d95d312/attachment.html>

More information about the Snort-users mailing list