You mean like an example rule ? var ETH0 [your_ip] alert tcp !192.168.254.0/24 any -> $ETH0 23 (ipopts: rr ; msg: "External request for telnet";)
like this ? don't forget this nice option: preprocessor portscan: your_ext_ip 10 5 /var/log/snort/portscan.log [On 11 Jul, 2001, Luc MAIGNAN wrote in " Help needed on snort "] > Hi, > > I use (I would to ...) snort v1.7, but I don't succeed to use the scripts > given on the web site. Has anyone an example to let me understand what to do ? > > Best regards > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Wouter van Gils -=- [EMAIL PROTECTED] http://the-construct.cx/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
