Snort mailing list archives

Re: Variable

From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 22 Aug 2001 09:46:33 -0700 (PDT)

On Wed, 22 Aug 2001 john.ruff () us abb com wrote:

Thanks for you response Erek.


And wonderful reading it was too...  God, I get grumpy when I don't get enough
coffee.  :-/

I tested your suggestions as such:

var HOME_NET [any, !192.168.1.10]
(Maybe I'm wrong by putting the 'any' inside the brackets?)

That did not work, but the following solution did:

var HOME_NET [!192.168.1.10]

I'm capturing any -> any excluding traffic going to the one IP address.


Check out my followup:  I make a mistake...  It should be

var HOME_NET [!192.168.1.10/32]

See, this is why you shouldn't try to think without waking up first.


-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Variable john . ruff (Aug 22)
- Re: Variable Erek Adams (Aug 22)
  - Re: Variable Erek Adams (Aug 22)
- <Possible follow-ups>
- Re: Variable john . ruff (Aug 22)
- Re: Variable Erek Adams (Aug 22)