Wednesday, June 1, 2016

snort oinkmaster

To modify signatures using Oinkmaster, use modifysid lines such as these:

modifysid 1000000 "\$EXTERNAL_NET" | "!\$HOME_NET"

modifysid 1000001 "\$EXTERNAL_NET" | "![10.0.0.1,10.0.0.2]"

modifysid 1000001 "\-> any" | "\-> ![10.0.0.1]"

disablesid 1000002

DANGER: Don't you dare leave spaces between the IP addresses when you negate them in modifysid, as in the list shown in the second line. The reference for that is shown below, from the Snort manual.
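An added example, not part of the original post: a small Python check that flags modifysid replacements with whitespace inside a bracketed IP list and previews the edits on a rule. The SID 1000003 line and the sample rule are constructed, only single numeric SIDs are handled, and the substitution only approximates Oinkmaster's Perl regex handling.

```python
import re

# Constructed sample input: the page's modifysid lines plus one line that
# makes the mistake the DANGER note warns about (space after the comma).
CONF = r'''
modifysid 1000000 "\$EXTERNAL_NET" | "!\$HOME_NET"
modifysid 1000001 "\$EXTERNAL_NET" | "![10.0.0.1,10.0.0.2]"
modifysid 1000001 "\-> any" | "\-> ![10.0.0.1]"
modifysid 1000003 "\$EXTERNAL_NET" | "![10.0.0.1, 10.0.0.2]"
disablesid 1000002
'''
# Constructed rule, used to preview what the edits for SID 1000001 produce.
RULE = 'alert tcp $EXTERNAL_NET any -> any 80 (msg:"constructed"; sid:1000001; rev:1;)'

MODIFY = re.compile(r'^\s*modifysid\s+(\d+)\s+"(.*)"\s+\|\s+"(.*)"\s*$')
SPACED_LIST = re.compile(r'\[[^\]]*\s[^\]]*\]')  # whitespace inside [...]

def parse_modifysid(conf):
    """Yield (line_no, sid, pattern, replacement) for each modifysid line."""
    for no, line in enumerate(conf.splitlines(), 1):
        m = MODIFY.match(line)
        if m:
            yield no, m.group(1), m.group(2), m.group(3)

def lint(conf):
    """Return (line_no, sid, replacement) where an IP list contains whitespace."""
    return [(no, sid, new) for no, sid, _, new in parse_modifysid(conf)
            if SPACED_LIST.search(new)]

def preview(conf, rule):
    """Apply every modifysid whose SID matches the rule, in file order."""
    rule_sid = re.search(r'\bsid:\s*(\d+)\s*;', rule).group(1)
    for _, sid, old, new in parse_modifysid(conf):
        if sid == rule_sid:
            # Approximation of Perl's s///: drop the backslash before an
            # escaped character; $1-style backreferences are not handled.
            literal = re.sub(r'\\(.)', r'\1', new)
            # count=1 (first match only) is an assumption of this preview.
            rule = re.sub(old, lambda _m: literal, rule, count=1)
    return rule

if __name__ == "__main__":
    for no, sid, new in lint(CONF):
        print(f"line {no}: SID {sid}: whitespace inside IP list: {new}")
    print(preview(CONF, RULE))
```

Run it against a copy of your own configuration before letting Oinkmaster rewrite the rules, so a malformed list is caught before Snort loads it.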
