[Snort-users] Snort sdrop
jesler at ...1935...
Mon Apr 22 09:31:50 EDT 2013
On Apr 22, 2013, at 9:00 AM, Joao Daniel Neves <joaodanielnevesss at ...125...> wrote:
> The IP Z.X.C.V is triggering a lot of alarms on my IDS (more than 1 million). I have written a very simple Snort rule to drop packages from this source. For some reason it is not working. Did I do something wrong?
> sdrop udp Z.X.C.V any -> any any
> sdrop tcp Z.X.C.V any -> any any
> sdrop icmp Z.X.C.V any -> any any
> Of course, I have restarted Snort.
Are you sure that's what you want to do? Are you sure you don't want a suppression?
Senior Research Engineer, VRT
OpenSource Community Manager
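
Added example, not part of the original thread or of Snort itself: a suppression of the kind the reply asks about stops alerts for chosen signatures from one source instead of dropping its traffic. This sketch counts alerts per signature for one source in alert_fast-style log lines and emits matching `suppress` lines. The log lines, SIDs and 192.0.2.10 (standing in for the redacted Z.X.C.V) are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed alert_fast-style lines; 192.0.2.10 stands in for the redacted Z.X.C.V.
SAMPLE_ALERTS = """\
04/22-08:58:01.100000  [**] [1:1000001:1] Constructed sample alert A [**] [Priority: 2] {UDP} 192.0.2.10:5060 -> 10.0.0.5:5060
04/22-08:58:01.200000  [**] [1:1000001:1] Constructed sample alert A [**] [Priority: 2] {UDP} 192.0.2.10:5060 -> 10.0.0.6:5060
04/22-08:58:02.000000  [**] [1:1000002:3] Constructed sample alert B [**] [Priority: 3] {ICMP} 192.0.2.10 -> 10.0.0.5
04/22-08:58:03.000000  [**] [1:1000001:1] Constructed sample alert A [**] [Priority: 2] {UDP} 198.51.100.7:5060 -> 10.0.0.5:5060
04/22-08:58:04.000000  [**] [1:1000003:2] Constructed sample alert C [**] [Priority: 1] {TCP} 10.0.0.5:80 -> 192.0.2.10:40000
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]"    # [gid:sid:rev]
    r".*?\{(?P<proto>\w+)\}\s+"                         # {PROTO}
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->"   # source; port is absent for ICMP
)


def count_by_signature(log_text, source_ip):
    """Count alerts per (gid, sid) where source_ip is the packet source."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m and m.group("src") == source_ip:
            counts[(int(m.group("gid")), int(m.group("sid")))] += 1
    return counts


def suppress_lines(counts, source_ip, min_count=1):
    """Build one by_src suppress line per signature, noisiest first."""
    return [
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {source_ip}"
        for (gid, sid), n in counts.most_common()
        if n >= min_count
    ]


if __name__ == "__main__":
    per_sig = count_by_signature(SAMPLE_ALERTS, "192.0.2.10")
    for line in suppress_lines(per_sig, "192.0.2.10"):
        print(line)
```

Reviewing the per-signature counts before suppressing shows which rules the source is actually tripping, so that only the signatures judged to be noise are silenced for that address.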