|
|
|
|
Snort Forums Archive
Archive Home » Rules » Snort Rules for outbound port 25 traffic
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Snort Rules for outbound port 25 traffic
Posted by Marine1 on April 11, 2005 05:47:53
Trying to capture outbound port 25 traffic. Tried using the following rule:
alert tcp $home-net -> any 25 - doesn't seem to work.
|
|
Posted by SamP on June 05, 2005 12:24:36
I believe the variables in the snort.conf are case-sensitive & the default variable for your home net is: " $HOME_NET " with an "underscore" not a "hyphen".
See if that was the problem. |
|
Posted by SamP on June 05, 2005 12:26:22
One other thing ...
By default, $HOME_NET is set to "any" in the snort.conf -- so, you may want to set that value to the actual subnet you'll be monitoring. |
|
|
|
|
|
