[Snort-users] Modifying Rules Works One Direction, but Not T'Other

waldo kitty wkitty42 at ...14940...
Thu Nov 27 20:52:44 EST 2014


On 11/27/2014 7:22 PM, colony.three wrote:
> alert udp $EXTERNAL_NET any <> !192.168.1.7 any (msg:"ET TOR Known Tor

i'm not surprised... you've told snort to alert on all udp traffic in either 
direction that's not for 192.168.1.7... so all traffic from all other machines 
will raise an alert...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
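
Added example, not part of the original message and not Snort's own code: a minimal model of how a rule header's address specs and direction operator are evaluated, run over constructed flows to show which ones the quoted header matches. It assumes `$HOME_NET` is `192.168.1.0/24` and `$EXTERNAL_NET` is `!$HOME_NET` (the message gives neither), and it models only the header, since the rest of the quoted rule is cut off.

```python
import ipaddress

# Assumed variable values; the message does not give the poster's snort.conf.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!$HOME_NET"}

def addr_matches(spec, ip):
    """Evaluate one address spec: 'any', host/CIDR, $variable, leading '!'."""
    negate = False
    while True:
        if spec.startswith("!"):
            negate, spec = not negate, spec[1:]
        elif spec in VARS:
            spec = VARS[spec]
        else:
            break
    hit = spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
    return hit != negate

def header_matches(src_spec, direction, dst_spec, pkt_src, pkt_dst):
    """Ports are 'any' on both sides of the quoted rule, so they are not modelled."""
    forward = addr_matches(src_spec, pkt_src) and addr_matches(dst_spec, pkt_dst)
    if direction == "->":
        return forward
    # '<>' additionally tests the packet with the rule's two sides swapped
    swapped = addr_matches(src_spec, pkt_dst) and addr_matches(dst_spec, pkt_src)
    return forward or swapped

# Constructed UDP flows (source, destination); 203.0.113.5 is a documentation address.
FLOWS = [
    ("203.0.113.5", "192.168.1.20"),
    ("192.168.1.20", "203.0.113.5"),
    ("203.0.113.5", "192.168.1.7"),
    ("192.168.1.7", "203.0.113.5"),
]

def alerting_flows(direction="<>"):
    """Return the constructed flows whose addresses satisfy the quoted header."""
    return [f for f in FLOWS
            if header_matches("$EXTERNAL_NET", direction, "!192.168.1.7", *f)]

if __name__ == "__main__":
    for flow in alerting_flows():
        print("alert:", " -> ".join(flow))
```

Under these assumptions, the header matches both directions of traffic between an external address and any internal host other than 192.168.1.7, and matches nothing involving 192.168.1.7 itself.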



