Annon
Reputation: 123
How to alert if someone goes on a website other than the IP address listed?
I have a snort rule
alert tcp any -> !142.250.200.14 any (msg:"Bad Website"; sid:1000002; rev:1;)
The problem is it logs all websites, including the one listed as 142.250.200.14 as 'bad website'.
I want all websites to be alerted except 142.250.200.14, is there an easy fix to the rule?
I suspect it has something to do with the '!', but I'm not sure.
PS. I'm a newbie.
Upvotes: 0
Views: 547
Answers (1)
Aarav Dave
Reputation: 80
You can make a list and iterate through that. You can reverse the effect or avoid it this way.
Upvotes: 0
Related Questions
- Snort Website Block Rule
- Block website users if their IP address resolves to a specific domain
- possible to detect ISPs that give user different IP address on every page request for login security?
- Snort Rule to Alert DNS that has ACK
- How can I detect entry to a website by domain?
- PHP: Get IP address of server where user clicked a link redirecting to my external site
- Detect if navigated to by Domain Name or IP address
- Easiest way to check if a user is coming from a given IP block and redirect?
- Validate that an IP address is in fact a website with Javascript?
- How to detect the actual IP address of visitors