Re: new to snort

[Leon Ward <leon () countersnipe com>]

I think you may want to specify a destination port of 25 there as well
(for SMTP outbound).

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"LOCAL traffic from
home to external";) 

-Leon

>
On Mon, 2005-02-07 at 11:25 -0500, Matt Kettler wrote:
> At 10:27 AM 2/7/2005, Jürgen Schinker wrote:
> > can somebody write me a rule to detect simple mail Traffic from HOME_NET ->
> > EXTERNAL_NET?
>
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL traffic from home 
> to external";) 
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users