[Snort-users] Snort sdrop
Joao Daniel Neves
joaodanielnevesss at ...125...
Mon Apr 22 08:54:51 EDT 2013
The IP Z.X.C.V is triggering a lot of alarms on my IDS (more than 1 million). I have wrote a very simple Snort rule to drop packages from this source. For some reason it is not working. Did I did something wrong ?
sdrop udp Z.X.C.V any -> any any
sdrop tcp Z.X.C.V any -> any any
sdrop icmp Z.X.C.V any -> any any
Of course, I have restarted Snort
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users