Re: Modifying Rules Works One Direction, but Not T'Other

[waldo kitty <wkitty42 () windstream net>]

On 11/27/2014 7:22 PM, colony.three wrote:
> alert udp $EXTERNAL_NET any <> !192.168.1.7 any (msg:"ET TOR Known Tor

i'm not surprised... you've told snort to alert on all udp traffic in either 
direction that's not for 192.168.1.7... so all traffic from all other machines 
will raise an alert...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!