HI, Can anyone please explain that how can i make custom rule. i can see rules in /etc/psad/signatures however i can not understand the format. can anyone throw some light on this.
for example if i want to trigger an alarm and block IP if traffic found on 5060 TCP or UDP both. and for example if i want to block traffic on TCP flag bases. any help will be highly appreciated. Thanks, MYK
------------------------------------------------------------------------------
_______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss