Snort mailing list archives
DHCP Rules: Snort on W2k
From: Brian Ertel <bsertel () amherst edu>
Date: Fri, 25 Jan 2002 14:08:33 -0500
Hello,

I am trying to detect a renegade DHCP server on my network. Its IP address is unknown, however I have its MAC address. I wrote a DHCP rule to try to catch a DHCP event from this renegade server. The rule is as follows. I am REALLY unsure about its syntax as I have never written a rule. ANY help is greatly appreciated.

alert udp $HOME_NET 547 -> $HOME_NET any (msg: "DHCP Req @ Ack";)

Thank you,
Brian

----------------------------------
Brian Ertel
Systems & Networking
Amherst College
Voice: 413-542-8320
Fax: 413-542-2626
bsertel () amherst edu
----------------------------------
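An added example, not part of the original post or of Snort: one way to do the check described above outside a rule, by parsing captured Ethernet frames and reporting DHCPv4 server replies whose source MAC matches a known address, which also yields the unknown IP. It assumes the standard DHCPv4 ports (server 67, client 68); the MAC and IP addresses, function names and sample frames are constructed for illustration.

```python
import struct

DHCP_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}    # server-sent values of option 53

def parse_dhcp_reply(frame):
    """Return (src_mac, src_ip, msg_type) for a DHCPv4 server reply, else None."""
    if len(frame) < 14 + 20 + 8 + 240 or frame[12:14] != b"\x08\x00":
        return None                               # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 17:                           # IP protocol field: UDP only
        return None
    udp = 14 + ihl
    sport = struct.unpack("!H", frame[udp:udp + 2])[0]
    bootp = frame[udp + 8:]
    if sport != 67 or len(bootp) < 240 or bootp[0] != 2:   # BOOTREPLY from port 67
        return None
    if bootp[236:240] != b"\x63\x82\x53\x63":     # DHCP magic cookie
        return None
    i, msg_type = 240, None
    while i + 1 < len(bootp) and bootp[i] != 255:  # walk options until END
        if bootp[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        if code == 53 and length == 1 and i + 2 < len(bootp):
            msg_type = bootp[i + 2]
        i += 2 + length
    src_ip = ".".join(str(b) for b in frame[26:30])
    return frame[6:12].hex(":"), src_ip, DHCP_TYPES.get(msg_type, "UNKNOWN")

def replies_from(frames, watched_mac):
    """DHCP server replies whose Ethernet source is the watched MAC."""
    hits = (parse_dhcp_reply(f) for f in frames)
    return [h for h in hits if h and h[0] == watched_mac.lower()]

def build_frame(src_mac, src_ip, sport, msg_type):
    """Constructed sample frame; checksums are zero (the parser ignores them)."""
    bootp = bytes([2, 1, 6, 0]) + bytes(232) + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), b"\xff" * 4)
    return b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + ip + udp

WATCHED_MAC = "00:11:22:33:44:55"                 # constructed placeholder MAC
SAMPLE = [                                        # constructed frames
    build_frame("00:aa:bb:cc:dd:01", "192.168.1.1", 67, 2),   # other server, OFFER
    build_frame(WATCHED_MAC, "192.168.1.77", 67, 5),          # watched MAC, ACK
    build_frame(WATCHED_MAC, "192.168.1.77", 68, 5),          # not from server port
]
```

The source MAC only identifies the server when the capture point is on the same broadcast domain; replies forwarded by a relay or router carry that device's MAC instead.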