Snort mailing list archives
Re: Variable
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 22 Aug 2001 09:46:33 -0700 (PDT)
On Wed, 22 Aug 2001 john.ruff () us abb com wrote:
Thanks for you response Erek.
And wonderful reading it was too... God, I get grumpy when I don't get enough coffee. :-/
I tested your suggestions as such: var HOME_NET [any, !192.168.1.10] (Maybe I'm wrong by putting the 'any' inside the brackets?) That did not work, but the following solution did: var HOME_NET [!192.168.1.10] I'm capturing any -> any excluding traffic going to the one IP address.
Check out my followup: I make a mistake... It should be var HOME_NET [!192.168.1.10/32] See, this is why you shouldn't try to think without waking up first. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Variable john . ruff (Aug 22)
- Re: Variable Erek Adams (Aug 22)
- Re: Variable Erek Adams (Aug 22)
- <Possible follow-ups>
- Re: Variable john . ruff (Aug 22)
- Re: Variable Erek Adams (Aug 22)
- Re: Variable Erek Adams (Aug 22)