如果有人访问列出的 IP 地址以外的网站,如何提醒?
[英]How to alert if someone goes on a website other than the IP address listed?
问题描述
I have a snort rule
我有一个鼻息规则
alert tcp any -> !142.250.200.14 any (msg:"Bad Website"; sid:1000002; rev:1;)
The problem is it logs all websites, including the one listed as 142.250.200.14 as 'bad website'.问题是它记录了所有网站,包括列为 142.250.200.14 的“坏网站”。
I want all websites to be alerted except 142.250.200.14, is there an easy fix to the rule?我希望除 142.250.200.14 之外的所有网站都收到警报,是否有简单的规则修复?
I suspect it has something to do with the ','.我怀疑它与“,”有关。 but I'm not sure.但我不确定。
PS. PS。 I'm a newbie.我是新手。
1 个解决方案
解决方案1
0 2021-05-19 17:15:10
You can make a list and iterate through that.您可以制作一个列表并对其进行迭代。 You can reverse the effect or avoid it this way.您可以通过这种方式反转效果或避免它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.